Aascendora Privacy Policy and Cookie Consent

Aascendora Pty Ltd (“Aascendora,” “we,” “us,” or “our”) is an Australian-based company operating a global online platform that connects clients with migration field experts. We are committed to protecting your privacy and managing personal information in an open and transparent way, in accordance with applicable laws including the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant international data protection regulations. This Privacy Policy (“Policy”) explains what personal data we collect from users (both clients and migration professionals), how we use and share that data, and the rights and choices you have regarding your information. By creating an account or using the Aascendora platform (“Platform”), you acknowledge that you have read and agree to this Policy. We may update this Policy periodically to reflect changes in our practices or the law, and will notify you of any material changes. The effective date of this Policy is 2nd of June, 2025.

Data We Collect

We collect personal information from you when you register an account, use our services, or otherwise interact with our Platform. This information is necessary for us to provide our services and ensure compliance with legal requirements. The types of data we collect include:

  • Identity and Contact Information: For clients, this may include your full name, email address, phone number, postal address, and other contact details. For migration professionals (“Professionals”), we collect your name, business or organization name (if applicable), contact details, and professional identifiers such as licensing or registration numbers (e.g., MARA number for Australian migration agents) needed to verify your credentials. Both clients and professionals may be asked to provide government-issued identification or documents (such as a passport or driver’s license) for identity verification and compliance purposes.

  • Profile and Account Data: When you create an account, we collect login credentials (username, password) and profile information. Professionals may provide additional profile data such as a biography, photograph, qualifications, areas of expertise, languages spoken, and service offerings so that clients can evaluate your services. Clients may provide details about their migration needs or other relevant information when requesting services. All users are required to furnish accurate, up-to-date information and keep their profiles current.

  • Payment Information: If you make or receive payments through the Platform, we collect information necessary to process those payments. Clients will provide payment details (such as credit card information or bank account details) when purchasing services. Professionals may provide payout information (such as bank account or payment service details) to receive funds. Important: Aascendora uses a secure third-party payment processor (including escrow services) to handle all financial transactions, and is PCI-DSS compliant. Payment card information is transmitted directly to our payment processor (e.g., Stripe) and is not stored on our servers beyond what is needed for record-keeping (such as transaction IDs or billing history). Funds are held in escrow and only released as per our service terms (e.g., when a client confirms service delivery).

  • Service Usage Data: We collect information about your use of the Platform. This includes transaction and interaction data (e.g., booking history, services requested or provided, communications between clients and professionals, and files or documents exchanged). For example, if you upload documents (such as visa application forms, supporting documents, resumes, etc.) to share with your migration professional or client, we will store those documents securely. We also retain messages or communications you have through our Platform’s messaging tools to facilitate collaboration and to resolve disputes or support inquiries if they arise.

  • Technical and Automatically Collected Data: When you access our website or Platform, we automatically collect certain data via cookies and similar tracking technologies (detailed in the “Cookies and Tracking” section below) and via logs. This data may include your IP address, device type, operating system, browser type, browsing actions on our site, referring website, and timestamps of visits. We also collect general geolocation information (e.g., country or city inferred from IP address) to optimize the Platform (for example, to display content in your language or to comply with regional legal requirements).

  • Optional Information: You may choose to provide us with additional personal information. For instance, if you contact us for support or complete any surveys or feedback forms, we will collect the information you provide (such as your opinions or experience with our services). If we ever expand features to include reviews or testimonials, any personal information included in those postings would be collected and displayed with your consent.

Sensitive Personal Data: In general, we try to limit the collection of sensitive personal data (such as information about race, ethnicity, health, or criminal history) unless necessary for providing our services or required by law. However, because migration services may involve such data (for example, health or character information relevant to a visa application), any sensitive information you choose to share with your migration professional via our Platform will be handled with strict confidentiality and extra security. We will only collect sensitive personal data with your explicit consent or if otherwise legally permissible, and we will use it only for the specific purposes for which it was provided.

Children’s Data: Our Platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from minors. If you are under 16, please do not use the Platform or provide any personal data. If we learn that we have inadvertently collected personal data from a minor, we will delete that information as soon as possible.

How We Use Your Data

Aascendora uses the collected personal data only for legitimate business purposes in connection with our Platform and services. We do not use your information for any purpose that is not compatible with the purposes described here. Specifically, we use your data for the following purposes:

  • Providing and Facilitating Services: To operate the Platform and facilitate the connections between clients and migration professionals. This includes using personal data to create and manage user accounts, enable profile pages, allow clients to search for and book services with Professionals, and allow Professionals to offer and deliver services. We use personal information to facilitate the services you request – for example, sharing necessary details with the Professional you have booked so they can provide advice or assistance. Any documents or information you submit for a service will be used by the Professional and by Aascendora solely to assist in the service delivery and related processes.

  • Identity Verification and Trust & Safety: We use identity and credential information to verify that Professionals are qualified (e.g., confirming a Professional’s license or registration number) and to verify user identities for fraud prevention and trust purposes. This helps us maintain a network of verified professionals and pre-verified clients, creating a trusted environment. For example, Professionals may be asked to provide proof of their license or registration which we will verify and possibly display a “verified” badge on their profile. We may also use personal data to perform checks against sanction lists or perform other compliance vetting if required by law.

  • Secure Communication and Collaboration: The Platform provides secure communication channels (such as messaging or chat, file sharing, and collaborative workspaces) for clients and professionals to discuss cases and exchange documents. We use personal data (like your name, and any information you include in communications) to enable these interactions. All communications and files on our Platform are subject to our security measures (including encryption) to ensure confidentiality.

  • Payment Processing and Transaction Fulfillment: We use payment and financial information to process transactions on the Platform. For clients, this means charging your chosen payment method for services purchased. For professionals, this means facilitating payouts of fees to you. We use third-party payment processors who will use your payment data only for the purpose of processing payments, fraud screening, and related financial record-keeping. We also generate and store transaction records (such as invoices, receipts, and payment confirmations) for accounting, auditing, and dispute resolution purposes. Our SecurePay™ system ensures payments are held in escrow until service delivery is confirmed, protecting both clients and professionals.

  • Service Administration and Customer Support: We will use your contact information to send you administrative communications related to your use of the Platform. For example, we may send booking confirmations, service updates, messages from the other party (client or professional), account notifications (such as password resets, security alerts), and information about updates to our terms or policies. If you contact us with a question or for support, we will use your information to respond and resolve any issues.

  • Improving and Personalizing Our Platform: We use usage data and analytics to understand how our Platform is used and to improve its functionality and user experience. For instance, we analyze data on which pages or profiles are visited, how long users stay, and which features are most or least used. This helps us optimize the Platform’s design, fix technical issues, and develop new features. It also helps us personalize your experience – for example, we might use your country or language preference to tailor content for you, or use your usage history to show you relevant professionals or services you might be interested in.

  • Marketing and Communications (with Consent): We do not sell or rent your data to third-party marketers. We may, however, use your email or contact information to send you promotional materials about Aascendora’s services, such as newsletters, new platform features, surveys, or events, but only if you have consented to such communications or if otherwise permitted by law. You can opt-out of marketing emails at any time by using the unsubscribe link in those emails or contacting us. We will not spam you, and we will honor all requests to opt out of marketing. (Transactional and service-related communications, as noted above, will continue as necessary for Platform operation.)

  • Fraud Prevention and Security Monitoring: We use personal data to monitor, detect, and prevent fraudulent or unauthorized activities on the Platform. This includes ensuring users comply with our Terms of Use and policies, investigating suspicious activities or violations, and taking measures to maintain the integrity and security of our Platform. For example, we may use automated tools to flag accounts for unusual behavior (such as multiple failed login attempts or transactions from high-risk regions) for further review.

  • Legal and Regulatory Compliance: We use and retain personal information as needed to comply with our legal obligations under applicable laws. This includes using data to fulfill reporting obligations (if any) to government authorities, responding to lawful requests (such as court orders or subpoenas), and ensuring compliance with immigration-related regulations if applicable. For example, we might be required to keep certain transaction records for tax or accounting purposes, or to report certain payments or suspicious activities under anti-money laundering laws. We also use personal data to enforce our agreements (such as our Terms of Service) and to protect our legal rights or the rights of others.

We limit our use of your personal information to the purposes above and other purposes that are compatible with those above (or that you consent to). We do not use your data for any form of automated decision-making or profiling that produces legal or similarly significant effects on you without human involvement. If we ever need to use your personal data for a new purpose not described in this Policy, we will obtain your consent or inform you of the new purpose as required by law.

Third-Party Sharing and Disclosure

Aascendora respects your privacy and shares personal data with third parties only in limited circumstances, and always under appropriate safeguards. We do not sell, rent, or trade your personal information to unrelated third parties for their own marketing or other independent purposes. The categories of third parties with whom we may share your information, and the reasons for sharing, are as follows:

  • Service Providers and Partners: We employ trusted third-party companies to perform functions on our behalf in order to operate and enhance our services. This includes:

    • Payment Processors: As noted, all payments on Aascendora are handled through third-party payment gateways or escrow services (such as Stripe or similar), which process your payment transactions securely. These payment processors receive your payment data directly (e.g., credit card number, bank account) to process transactions and are bound by strict confidentiality and security obligations. They only use your data for processing payments, verifying transactions, and handling any payment-related inquiries or disputes.

    • Analytics and Tracking Tools: We use third-party analytics tools (notably Google Analytics) to collect information about how users interact with our Platform. These providers set cookies or use similar technologies (see “Cookies and Tracking” below) to gather usage data (such as page visits, session duration, and other usage statistics). The information obtained through analytics is used to help us understand website traffic and improve our services. Google Analytics may receive your truncated IP address or device identifiers, but this information is aggregated and does not identify you by name. Google is prohibited from using the data collected on our behalf for any purpose other than providing us these analytics services. We also utilize tools like Facebook Pixel for analytics and advertising purposes – for example, to help measure the effectiveness of our Facebook ads and to allow us to reach users who have visited our site with relevant advertisements on Facebook or Instagram. These tracking tools provided by third parties mean that those third parties (Google, Facebook, etc.) may collect certain information about your online activities on our site and other sites, under their own privacy policies.

    • Hosting and IT Infrastructure: Aascendora’s website and platform are hosted on third-party servers or cloud services (for instance, we leverage secure hosting providers and possibly platforms like Odoo for our site infrastructure). These hosting providers store and process data (including your personal information and files you upload) on our behalf. We ensure that such providers employ strong security measures and, where data is stored in a cloud environment, that data centers are compliant with international security standards.

    • Communications Tools: We may use third-party services to send emails, notifications, or to provide customer support (for example, an email service provider to send out account emails, or a CRM tool to manage support inquiries). These providers will access your contact details or messages only as needed to perform their functions for us, and they are contractually obligated to protect your data.

    • Verification Services: In some cases, we may use third-party identity verification or compliance services. For instance, to verify a Professional’s credentials or to run necessary background checks (where permitted by law) we might share certain details (like your name, license number, or identification document) with a verification service. Such third parties would be allowed to use that information solely to perform the verification or check and must handle it confidentially.

  • Other Users (Clients and Professionals): By the very nature of our Platform, some of your personal information will be shared with other users in the course of providing services:

    • Professional Profiles: If you are a migration Professional, the profile information you choose to provide (such as your name, photo, professional qualifications, location, services offered, client reviews, etc.) will be visible to users of the Platform, including prospective clients. This is necessary for clients to identify and assess you for their needs. We encourage Professionals to limit personal contact details on their public profile, as initial communication should occur through our Platform for security and privacy.

    • Client Information to Professionals: If you are a client, your relevant information will be shared with the Professional you choose to engage. For example, when you book a consultation or service, the Professional will see your name, the information you provided about your case or questions, and any documents you upload for them. We provide your contact information to the Professional only as needed for service delivery (for instance, your email or phone if the service requires direct communication outside the Platform, though normally our secure messaging should suffice). Professionals are required to keep client information confidential and use it only for providing the agreed services, in accordance with this Policy and our Terms.

    • Collaboration and Forum: If our Platform offers any public forums or community features (such as a Q&A forum or public discussion boards), any information you post there (which could include personal data you choose to share) will be visible to others. We advise caution in sharing personal information in any public areas of the site.

  • Legal and Regulatory Disclosure: We may disclose personal information to governments, regulators, law enforcement agencies, courts, or other public authorities when we believe in good faith that such disclosure is required or permitted by law. This includes:

    • Compliance with Legal Obligations: If we receive a lawful subpoena, court order, or other legal demand for information, we may disclose data as required. We will attempt to notify you of such requests when allowed by law. We may also disclose information to comply with mandatory reporting requirements (for example, under anti-money laundering laws or reporting obligations to immigration authorities, if applicable).

    • Enforcing Our Rights: We may disclose data as necessary to exercise, establish, or defend our legal rights. For example, we might share information with our legal advisors or with the courts if we are involved in litigation, or to collect overdue fees, or to enforce our Terms of Use or other agreements.

    • Preventing Harm: If we believe that your actions are inconsistent with our user agreements or policies, or if it’s necessary to investigate, prevent, or take action regarding suspected illegal activities, fraud, or security threats, we may disclose information to relevant authorities or organizations. We may also share information in emergency situations when the health or safety of someone may be at risk (for instance, reporting information to law enforcement concerning threats or self-harm situations as allowed by law).

  • Business Transfers: If Aascendora undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of our assets, your personal information may be transferred as part of that deal. We will ensure that any such transfer is subject to appropriate confidentiality and that your data remains protected. If a new entity will materially change the way your data is handled, we will give you notice and an opportunity to exercise your rights (for example, to delete your data if you wish) before the transfer occurs.

  • With Your Consent or At Your Direction: We will share your personal data with third parties not covered in the above categories only if you specifically request or consent to such sharing. For instance, if you ask us to share your information with a third-party advisor or if you opt-in to an integration that requires data sharing, we will do so under the terms you agree to at that time.

No Unauthorized Third-Party Access: We do not grant third parties any access to your personal information except as described above. We do not disclose your personal communications or documents to any third party except as necessary to operate the Platform or as required by law. Notably, we have a strict “No Data Sale” policy – we will never sell or rent your personal data to advertisers or analytics companies for their own purposes. Any third parties we engage are service providers working on our behalf and must adhere to our data privacy and security requirements.

Cookies and Tracking Technologies

What Are Cookies: Cookies are small text files stored on your browser or device by websites, applications, or advertisements. Similar technologies include web beacons (pixel tags), local storage, and SDKs in mobile apps. These technologies enable the site to recognize your device and store information about your preferences or past actions. We use cookies and similar tracking technologies on the Aascendora Platform to ensure it functions properly, to improve your user experience, and to support our analytics and advertising efforts.

How We Use Cookies: When you visit our website, we (and authorized third parties) may set several types of cookies:

  • Strictly Necessary Cookies: These cookies are essential for the operation of our Platform. They enable core functionality such as user login, account authentication, secure payment processing, and load balancing (to keep the site available). Without these cookies, the Platform may not function correctly. For example, when you sign in, we use a session cookie to keep you logged in as you navigate between pages. These cookies do not collect personal data for marketing purposes and are generally exempt from consent requirements under applicable laws (though we still inform you of their use).

  • Preferences/Functional Cookies: These allow our site to remember choices you make and provide enhanced, more personalized features. For instance, we might use a cookie to remember your selected language, your time zone or location (to show relevant content), or other customizations so you don’t have to set them every time. Functional cookies may also remember your login details for faster sign-in (if you choose “remember me”). While not strictly necessary, these cookies improve the user experience.

  • Analytics/Performance Cookies: We use these to collect information about how visitors use our Platform – which pages are visited, traffic sources, and user interactions. The primary tool we use is Google Analytics, which places cookies to gather site usage statistics (like Google’s _ga cookie). The data from these cookies is aggregated and helps us understand user engagement and improve site performance. For example, we learn which content is most popular or if users encounter errors on certain pages. Google Analytics may collect information such as your IP address, browser type, and pages visited, but we have configured it in a way that does not identify you personally (IP anonymization is enabled where applicable). We treat these analytics data as personal information if it can be reasonably linked to an individual (and in the EU, cookie identifiers and IP addresses are considered personal data). We disclose our use of such analytics cookies in this Policy as required by Australian and international privacy laws.

  • Advertising/Marketing Cookies: These cookies track your online activity to help us deliver more relevant advertisements or to measure the effectiveness of our marketing campaigns. Aascendora itself does not host third-party ads on our Platform, but we use tools like Facebook Pixel and possibly Google Ads cookies for our own marketing. For example, the Facebook Pixel on our site allows Facebook to recognize that you visited Aascendora, which can help us (a) show you targeted ads on Facebook platforms about our services (if you are a Facebook user), and (b) measure ad conversions (to see if our Facebook ads lead to sign-ups or other actions on our site). These marketing cookies collect information such as when you visit our site, your browser and device identifiers, and your interaction with our site’s pages. They then use that information to infer your interests and may follow you to other sites. Important: These cookies operate only with your consent (especially for users in GDPR jurisdictions). We do not have access to the individual data collected by these third-party advertising cookies; we receive only aggregated reports. Nonetheless, these cookies do share some data with the third parties (like Facebook or Google) which act as joint controllers of that data for their own limited purposes. Please refer to those companies’ privacy policies for more details on how they handle the information (e.g., Facebook’s Data Policy, Google’s Privacy Policy).

Consent and Control: Because non-essential cookies (like analytics and advertising cookies) involve processing of personal data and tracking, we follow applicable laws on obtaining user consent:

  • If you are in the European Union (or a jurisdiction with similar requirements), we will present a Cookie Consent banner on your first visit that explains what cookies we use and asks for your consent for any cookies that are not strictly necessary. You have the choice to accept all cookies, reject non-essential cookies, or customize your cookie preferences. Until you give consent, our site will not set or enable non-essential cookies (such as analytics or marketing cookies) on your browser. You can change your preferences at any time by using our Cookie Settings link (available in the footer of the site) or by clearing cookies in your browser and visiting our site again to reset your consent.

  • For users in Australia and other regions where explicit prior consent may not be strictly required for cookies, we still adhere to principles of transparency and user control in line with the APPs. By continuing to use our site after being notified of our use of cookies, you are deemed to consent to our use of cookies (this is a form of implied consent). However, you still retain full ability to opt out or adjust cookie settings as described. We provide notice of cookies via this Policy and our cookie banner. Even if you initially consent by usage, you can later opt out of analytics/advertising cookies by adjusting your browser settings or using opt-out mechanisms provided by the third parties (for example, Google’s opt-out add-on for Analytics, or using “Do Not Track” signals which we will honor to the extent feasible).

  • Regardless of location, all users can disable or delete cookies through their browser settings. Most web browsers allow you to refuse new cookies, delete existing cookies, or alert you when new cookies are being set. Please note that blocking all cookies (including necessary cookies) might impair some features of our Platform (for instance, you may not be able to stay logged in or use the payment functionality if cookies are disabled). We therefore recommend allowing at least the strictly necessary cookies for our site to function properly.

Other Tracking Technologies: We might use web beacons (tiny graphic images or scripts) in our HTML emails to know if the email was opened or if certain links were clicked, helping us gauge the effectiveness of our communications. You can disable the downloading of images in your email client if you prefer not to allow this tracking. We do not use technologies like keystroke logging or invasive profiling scripts. Any third-party integrations we use for analytics or ads are listed above and operate as described.

Third-Party Websites: If you click on a link to a third-party website (for example, links to reference articles, social media, or payment gateways), those sites may also place cookies. This Policy does not cover third-party websites – please refer to those sites’ cookie and privacy policies.

We maintain a Cookies & Tracking Notice (see the “Cookie Consent Notice” section at the end of this Policy) summarizing our use of cookies, which is compliant with GDPR and Australian requirements. For more detailed information on specific cookies we use (names, purposes, expiration), please see our dedicated Cookies Policy page or contact us.

International Data Transfers

Aascendora is headquartered in Australia, but we serve users across Australia, Sri Lanka, other parts of Asia, Europe, the United States, and globally. Consequently, the personal data we collect may be transferred to or accessed by entities outside of your home country. By using our Platform or providing us your information, you acknowledge that your personal data may be processed in multiple countries, including Australia and (for certain service providers) the United States, European Union member states, and other jurisdictions where we or our partners operate.

Australia to Other Countries: If you are in Australia, note that your data might be transferred overseas (for example, we may store data on cloud servers in another country, or a client/professional overseas may access your information through the Platform). Australian law (APP 8 – Cross-border disclosure of personal information) requires that before we disclose personal information to an overseas recipient, we take reasonable steps to ensure that the recipient will handle the information in a manner consistent with the APPs. In practice, this means we will only transfer data abroad if:

  • The recipient is subject to a law or binding scheme that offers similar protection to the APPs, or we have entered into a contract with them that requires them to protect the information to the standard of Australian law;  or

  • You consent to the cross-border disclosure after we inform you that the overseas recipient may not be bound by Australian privacy law; or

  • Another exception in the Privacy Act applies (e.g., the transfer is necessary for us to fulfill our contract with you, is for your benefit and it’s impractical to obtain your consent, or we are required by Australian law or court order to transfer the data).

We remain responsible for protecting your personal information no matter where it is processed. In the event of an international transfer, Aascendora will continue to safeguard your data under this Policy and applicable laws. We will take all reasonable measures to ensure any overseas party deals with your data securely and only for the purposes we’ve authorized.

EEA (European Economic Area) and UK Users: If you are located in the EEA, United Kingdom, or Switzerland, we comply with GDPR requirements regarding international transfers. Your personal data may be transferred to countries that the European Commission (or UK authorities) has determined do not provide an adequate level of data protection (for example, Australia and the United States currently do not have blanket adequacy decisions). For such transfers, we put in place appropriate safeguards:

  • We may rely on Standard Contractual Clauses (SCCs) approved by the European Commission (or equivalent UK International Data Transfer Agreement/Addendum) in our contracts with service providers to ensure your personal data has legally enforceable protections when transferred outside the EEA/UK. These clauses contractually obligate the recipient to protect your data to EU GDPR standards.

  • In some cases, transfers to the U.S. may be covered by the new EU-U.S. Data Privacy Framework if the recipient is certified under that framework. We will use such mechanisms as available and appropriate.

  • We also evaluate on a case-by-case basis whether supplementary measures (such as encryption in transit and at rest, access controls, and provider transparency) are needed to ensure transferred data remains protected in line with EU law.

You can request a copy of the relevant transfer safeguards (such as SCCs) by contacting us (see Contact Information below).

Other Regions: For users in other jurisdictions (e.g., Asia or Americas outside U.S.), we similarly ensure compliance with any cross-border data transfer requirements under applicable laws. For example, if local law requires consent for international transfer, we will obtain your consent, and if specific contractual measures are mandated, we will implement them.

Where We Store Data: Primarily, data collected by Aascendora is stored on secure servers located in Australia and/or cloud servers which could be in various regions (e.g., data centers in the Asia-Pacific or US, depending on our infrastructure providers). Some of our support or operational team members may access data remotely from other countries (for example, if we have team members in Sri Lanka or other parts of Asia), but they do so under strict company policy and confidentiality agreements.

Regardless of where your personal information is transferred or stored, we will protect it with appropriate technical, organizational, and legal safeguards as described in this Policy. Our goal is to ensure that your privacy rights continue to be respected and that your personal data enjoys a high level of protection worldwide.

User Rights and Choices

We believe in empowering our users with control over their personal information. Depending on your jurisdiction, you have a number of rights regarding the personal data we hold about you. Aascendora will honor all rights you have under applicable data protection laws. These rights include:

  • Access Your Information: You have the right to request confirmation of whether we are processing your personal data, and to request a copy of the information we hold about you. We will provide you with access to your personal data, usually in electronic form. For Australian users, this aligns with APP 12 which grants access rights, subject to certain exceptions. For EU users, this is your GDPR Article 15 right to access. If you have an account, you can also access basic personal details by logging into your profile.

  • Rectification (Correction): We strive to keep your information accurate and up-to-date. If any of your personal data is incorrect or incomplete, you have the right to request that we correct or update it. Many changes (like updating your contact info) can be made by you directly in your account settings. For other corrections, contact us and we will rectify any inaccuracies or omissions. Under APP 13 and GDPR Article 16, we will correct information and notify you of the action taken.

  • Erasure (Deletion): You may request that we delete your personal data in certain circumstances (often known as the “right to be forgotten” under GDPR). For example, if you no longer want to use our services, you can request account deletion. We will honor such requests provided that we do not have a compelling reason or legal obligation to retain the data. If you request deletion, we will also take reasonable steps to inform any service providers or third parties with whom we have shared your data so they can also delete it, where required. Please note that we cannot delete data that we are required to keep by law or which is necessary to fulfill our contractual obligations or defend legal claims (see “Data Retention” below for examples of retention). Also, if you request deletion, we may retain minimal identifying information to record that we fulfilled your request, or to prevent duplicate accounts fraud.

  • Account Deactivation: As an alternative to full deletion, you may choose to deactivate your Aascendora account. Deactivation means your profile will no longer be visible, and you will not be able to use the Platform, but we will retain your data in case you reactivate or for record-keeping. If you’d like to deactivate, please contact support or use any self-service feature if available. We treat deactivated accounts’ data as we would data of former users, retaining it only as necessary (see Retention).

  • Data Portability: For users in jurisdictions like the EU, you have the right to data portability (GDPR Article 20). This means you can request to receive a copy of certain personal data in a structured, commonly used, machine-readable format, and/or request that we transmit that data to another service provider where technically feasible. Typically, this would apply to data you provided to us (for example, the content of your user profile, or transaction history related to you). We will assist with such requests to the extent required by law and technically practical.

  • Withdraw Consent: In cases where we rely on your consent to process data (e.g., for optional marketing emails or for placing certain cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing of your data under other legal bases. If you withdraw consent for marketing, we will stop sending you promotional communications. If you withdraw consent for cookies, we will stop using those non-essential cookies on your visits. You can withdraw consent by adjusting your account settings (for marketing preferences), using our cookie management tool (for cookies), or by contacting us.

  • Object to Processing: You have the right to object to our processing of your personal data in certain situations.

    • Direct Marketing: You can always object to your data being used for direct marketing purposes. If you opt-out or object, we will cease use of your data for marketing.

    • Legitimate Interests: If we are processing your data based on our legitimate interests (or those of a third party), you can object to that processing if you believe it infringes on your rights. If you raise an objection, we will evaluate it. We may continue processing if we have compelling legitimate grounds that override your rights or if needed for legal claims; otherwise, we will cease the processing in question.

  • Restriction: You have the right to request that we restrict processing of your personal data in certain scenarios – for example, while we are verifying the accuracy of data you contested, or if processing is unlawful but you prefer restriction to deletion. When processing is restricted, we will store your data but not actively use it (aside from storing it securely and as necessary for establishing legal claims or with your consent).

  • Anonymity and Pseudonymity (Australia-specific): Under APP 2, individuals have the option of not identifying themselves or of using a pseudonym when dealing with organizations, whenever lawful and practicable. Given the nature of Aascendora’s services, full anonymity is not practicable – we require verified identities to ensure trust between clients and professionals, and to comply with legal obligations. However, we allow certain pseudonymous uses: for example, you may choose a display name or username that is not your full legal name for public-facing profiles or forum participation, as long as your identity is verified with us. We will also consider any requests you have for more anonymous interaction and will accommodate if possible.

  • Complaints and Redress: If you believe we have violated your privacy rights or handled your data in a way that is not consistent with this Policy or applicable law, you have the right to lodge a complaint. Please contact us first – we take privacy complaints seriously and will work with you to resolve your concerns. If you are not satisfied with our response:

    • Australian users can lodge a complaint with the Office of the Australian Information Commissioner (OAIC), which is the regulator that oversees the Privacy Act.

    • EU/UK users can lodge a complaint with their local Data Protection Authority (DPA). For example, in the UK this would be the Information Commissioner’s Office (ICO), in France the CNIL, in Germany your state DPA, etc. We can provide details of the relevant authority on request.

    • Users in other jurisdictions may also have the right to contact their relevant privacy or data protection regulator.

How to Exercise Your Rights: To exercise any of your rights described above, please contact us using the information in the Contact section. We may need to verify your identity before fulfilling certain requests (for example, access or deletion requests) to ensure the security of your data. In most cases, you will not have to pay a fee to exercise these rights, but note that repetitive or excessive requests may be subject to a reasonable fee as permitted by law. We will respond to your request within a reasonable timeframe as required by law (GDPR mandates typically within 1 month, the Australian Privacy Act says we should respond within a reasonable period). If we are unable to fulfill your request (due to legal exceptions – e.g., we cannot delete data we must retain for legal reasons), we will explain the reasons in our response.

User Choices: In addition to formal rights, you have various choices in how you use our services:

  • You can choose not to provide certain information (bearing in mind some data is required for service – we will indicate what is mandatory).

  • You can choose to use browser or device settings to control cookies and tracking (discussed above).

  • You can choose whether to fill out optional profile fields or share additional info with professionals. Only share what you are comfortable with, and remember you can edit or remove info in your profile at any time.

  • You can opt out of marketing communications as described.

  • You can close your account if you no longer wish to use our services (we hope to have you stay, but it’s your choice!).

We are committed to enabling your rights in a fair and effective manner. Please feel free to reach out with any questions about your privacy or how to exercise your rights.

Data Security

Aascendora takes the security of your personal information very seriously. We have implemented a variety of technical and organizational security measures to protect your data from unauthorized access, use, alteration, or destruction. These measures include:

  • Encryption: All data exchanged on our Platform is protected by encryption in transit using HTTPS/TLS (Secure Sockets Layer) protocols. This means that the information you submit (such as login credentials, personal details, and documents) is encrypted while traveling between your device and our servers. Additionally, sensitive data (including personal documents and identification information) is encrypted at rest when stored in our databases or cloud storage. We also utilize encryption for data backups.

  • Secure Storage and Access Controls: Personal data and documents are stored on secure servers with strong firewalls and intrusion detection systems. We employ strict access controls – only authorized personnel with a need-to-know can access personal data, and even then, only the minimum necessary data. Our staff are trained on privacy and security practices, and each employee or contractor is bound by confidentiality obligations. Administrative access to systems containing personal data is restricted and requires multi-factor authentication.

  • Enterprise-Grade Infrastructure: We utilize reputable hosting providers and cloud services known for robust security practices (such as data centers that are ISO 27001 certified or comply with SOC 2 standards). Our Platform itself is built with security in mind; we keep our software frameworks and libraries up to date to protect against vulnerabilities. Regular security patches are applied to servers and software.

  • SecurePay™ and Payment Security: All payment processing is handled by PCI-DSS compliant providers. This means the payment environment meets strict security standards for handling credit card data. We do not store full payment card details on our systems to minimize risk. Transaction information is transmitted securely to the payment gateway, which is responsible for its protection.

  • Monitoring and Testing: We monitor our systems for possible vulnerabilities and attacks. This includes maintaining audit logs of system access, employing anti-malware and endpoint protection, and using network security tools. We periodically run security assessments and penetration tests (often via third-party security experts) to find and fix potential weaknesses. Any vulnerabilities discovered are promptly addressed.

  • Backups and Recovery: We perform regular data backups and have disaster recovery plans in place. Backups are encrypted and stored securely. In case of any system failure or data loss event, we can restore data to minimize disruption.

  • Third-Party Security: When we engage third-party service providers (as detailed earlier) that will handle personal data, we vet their security practices. We ensure through contracts that they must apply adequate security measures. For example, our analytics and advertising partners only see pseudonymized or aggregated data and are industry-standard companies with their own security controls.

  • Internal Policies: We maintain and enforce internal policies concerning data protection. This includes policies on how to handle user data, incident response procedures, and regular training for our team on cybersecurity and privacy. We also implement the principle of least privilege internally – staff can only access the information necessary for their role.

  • Data Minimization: We avoid storing personal data that we do not need. We minimize the use of sensitive information and, where feasible, use techniques like pseudonymization or anonymization. For instance, if we only need high-level statistics, we aggregate data rather than using personal-level data.

  • Account Security: We provide you with tools to keep your account secure. Please choose a strong, unique password for your account and keep your login credentials confidential. We will never ask you for your password via email or phone. If you suspect any unauthorized activity in your account, please notify us immediately. We may also offer additional security features like two-factor authentication (2FA) for account login; we encourage you to use these features if available.

Despite our best efforts with robust measures, it’s important to note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the unlikely event of a data breach that affects your personal information, we will act promptly to contain and remedy the breach. We will notify affected users and relevant authorities as required by law. For example, under Australian law we comply with the Notifiable Data Breaches scheme – if a data breach is likely to result in serious harm, we will inform the Office of the Australian Information Commissioner and impacted individuals as required. Under GDPR, we would report certain breaches to data protection authorities within 72 hours and notify individuals when required.

By using Aascendora, you acknowledge that you understand the inherent risks of data transmission online and you agree that we have implemented commercially reasonable safeguards. We continuously update and improve our security measures to meet or exceed industry best practices. Your role in security is also crucial – please protect your account credentials and use caution when sharing information.

If you have any questions about the security of our Platform, or if you detect any vulnerabilities or security incidents, please contact us immediately at our security contact (you may use the legal@aascendora.com email, or any special security contact if provided on our website). We appreciate feedback and will responsibly coordinate with researchers or users to address any issues.

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of providing services to you and satisfying any legal, accounting, or reporting obligations. The length of retention may vary depending on the category of data and the context in which it was provided. Our retention practices are guided by the principle that we do not keep personal data longer than we have a lawful reason to keep it.

Here is a general overview of our retention periods:

  • Account Information: If you have an account with Aascendora, we retain your personal profile information for as long as your account is active. If you decide to close your account, we will initiate the process of deleting or anonymizing your personal data. However, we may retain certain information even after account closure, as required or permitted by law. For example, we might keep a record of your email address or account ID in our suppression list to ensure we don’t inadvertently recreate your account or send you emails after you’ve opted out. We may also keep logs of when your account was deleted as a business record.

  • Transaction and Service Data: We retain records of the services transacted through our Platform (such as bookings, payments, communications, and documents exchanged) for a period necessary to administer the service and handle any potential disputes. Typically, this could be for the duration of the client-professional engagement plus a reasonable period (e.g., up to several years thereafter). This retention allows participants to access records of what was done and to resolve any follow-up issues. In many jurisdictions, we are also required to retain certain financial and transaction records for a minimum period. For instance, Australian tax law and accounting standards may require us to keep records of payments and invoices for 7 years. Similarly, if a transaction falls in a period subject to an audit or investigation, we will retain relevant data until the matter is closed.

  • Legal and Compliance Retention: We will retain personal data as needed to comply with legal obligations. This can include:

    • Tax and Financial Records: As mentioned, financial transaction data (which may include personal info like names on invoices) is generally kept for 5-7 years as required by tax law or financial regulation.

    • Regulatory Compliance: If specific regulations apply to our industry (e.g., immigration consultation requirements, anti-money laundering checks), we will retain any necessary data for the period mandated by those regulations. For example, KYC (Know Your Customer) records might need to be kept for a certain number of years after account closure under AML laws.

    • Litigation Holds: If we are involved in a legal dispute or receive a legal order to preserve data, we will retain the data relevant to that issue until it is resolved, even if that extends beyond our standard period.

    • Breach and Consent Records: We maintain records of privacy-related requests and consents. If you’ve given consent for something, we keep a record of that consent (and when/how you gave it) as proof. If you withdraw consent or exercise a privacy right, we log that event to demonstrate compliance.

  • Communications: If you contact customer support or correspond with us, we may retain those communications for a period of time as needed to address your issue and to improve our services (for instance, we might keep support emails for up to 2 years to track recurring issues or to train our staff). We will purge these periodically if no longer needed.

  • Website Analytics Data: Data collected via cookies and analytics is often aggregated and anonymized over time. Raw analytics logs (with IP addresses or cookie IDs) are typically retained for a short period (perhaps 14 to 26 months in Google Analytics, as per our settings). We receive reports that do not personally identify users. Any personally identifiable analytics or tracking information is either deleted or de-identified when it’s no longer necessary for analysis.

  • Backup and Archival Copies: Even after we delete your personal data from our active systems, it may persist in secure backups. Our backup systems are cyclic, meaning that eventually backup data is overwritten or deleted as well, but there can be a lag. We also maintain archives for business continuity. We secure these backups and archives with encryption. If we restore data from a backup for disaster recovery, we will re-delete the data that was supposed to be deleted, honoring any deletion requests.

Once the retention period expires, and we no longer have a legitimate reason to keep your data, we will either securely delete it or anonymize it (so it can no longer be associated with you). Destruction and De-identification: In compliance with the Privacy Act and other laws, we take reasonable steps to destroy or permanently de-identify personal information that is no longer needed. For electronic data, this might involve secure deletion (wiping) from our databases. For physical records (if any), it involves shredding or incineration.

If for technical reasons it is not possible to completely remove some data (for example, data stored in encrypted form on off-site backups), we ensure such data is securely stored and isolated from further active use until deletion is possible.

Retention for Research/Statistical Purposes: We may retain anonymized or aggregated data (which is not personally identifiable) for longer periods for statistical analysis, business insights, and product development. For example, we might keep overall metrics on platform usage or migration trends indefinitely, as this data no longer identifies any individual.

In summary, we do not keep personal data indefinitely. Each type of data is retained only as long as necessary. If you have specific questions about how long we keep a certain type of information, or if you want us to delete something, please contact us. We will be transparent about our practices and will accommodate deletion requests as fully as we can (in line with the rights section above).

Legal Disclosures

There are certain circumstances where Aascendora may disclose your personal information to third parties without your explicit consent, as required or permitted by law. We outline these scenarios here to be fully transparent:

  • Compliance with Laws and Law Enforcement: As mentioned under Third-Party Sharing, we may be compelled to disclose information by law. If we receive a valid legal request – such as a subpoena, search warrant, court order, or government demand – we will evaluate it carefully. If the request has a legitimate legal basis, we will comply and disclose the requested data. We will limit the disclosure to the specific information demanded (for example, if only certain records are requested, we will not voluntarily provide more). Where allowed, we will attempt to notify affected users so you have an opportunity to object or seek legal protection. However, sometimes we may be legally prohibited from notifying you (for instance, if a government agency imposes a gag order).

  • Regulatory Investigations: If a regulatory body with jurisdiction (such as the OAIC in Australia, or a Data Protection Authority in the EU) is investigating us or issuing an order related to personal data, we may be required to provide relevant user data to them. We will do so in a secure manner and under legal obligation.

  • Litigation and Dispute Resolution: If we become involved in litigation or a dispute with a user or a third party, we may need to disclose certain data as evidence (for example, logs of transactions or communications) to protect our legal position. This could involve sharing information with lawyers, experts, or courts/arbitrators. We will ensure any sharing is done under confidentiality where possible.

  • Enforcing Our Terms and Policies: We may disclose information to third parties (including law enforcement or private investigators) when necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of Aascendora’s Terms of Use or other agreements. For example, if we suspect that a user is engaging in identity theft or scamming others on the Platform, we may share information with law enforcement to address that misconduct.

  • Emergency Situations: If someone’s life, health, or safety is at risk and we have information that could help, we might disclose information to the appropriate authority in an emergency (for instance, providing a user’s location or identity to the police if we receive a credible report of self-harm or harm to others). We would only do this under urgent circumstances and as allowed by privacy laws (which often have exceptions for preventing serious threats to life or health).

  • Business Reorganization: In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our company assets, personal data may be among the assets transferred to the new owner or successor entity. Such a transfer is generally considered a “use consistent with the purpose it was collected” (continuing to provide services to you). If such an event occurs, we will notify users via the website or email, explaining any choices you may have regarding your data in that context. The new entity will still be bound by this Privacy Policy unless you’re notified of changes.

  • Consent and At Direction: Though not a legal requirement, we re-iterate that if you specifically ask us to share data with a third party, we will do so (this is effectively you authorizing a disclosure). For instance, if you use a feature to export or share your data to another platform or to an advisor, that is done at your direction.

It’s important to note that nothing in this Policy is intended to restrict Aascendora’s ability to:

  • Defend itself against legal claims,

  • Comply with law enforcement or regulatory directives,

  • Participate in any legal process, or

  • Take actions it deems necessary to safeguard the rights, property, or safety of Aascendora, our users, or the public.

We will always strive to balance any legal disclosure with the privacy expectations of our users. Wherever feasible, we will use mechanisms like NDAs or protective orders to maintain confidentiality of user data in legal proceedings. We will also log and keep record of any significant disclosures of personal data, as part of our accountability.

If you have any questions about how we handle legal requests or what has been disclosed, you may contact us (bearing in mind we might not be able to reveal details if prohibited by law, but we will do our best to provide general information).

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal information is handled at Aascendora, please do not hesitate to contact us. We are here to help and address any issues you may have.

Contact Details for Privacy Inquiries:

  • Aascendora Pty Ltd

  • Registered Office: 133 Grey Street, South Brisbane, Queensland 4101, Australia

  • Email: legal@aascendora.com  (For privacy-specific inquiries)

  • Postal Mail: 133 Grey Street, South Brisbane, Queensland 4101, Australia

When contacting us, please provide your name, contact information, and a clear description of your request or concern. If you are making a request to exercise your privacy rights, specify which right you are invoking (e.g., access, correction, deletion) and the context (for example, the email associated with your account, if applicable). We may need to verify your identity for certain requests  if so, we will guide you through a verification process.

Data Protection Officer (DPO)/Privacy Officer: Given the scale and nature of our operations, Aascendora may not be legally required to appoint a formal Data Protection Officer under GDPR. However, we have a designated Privacy Officer who oversees our privacy compliance. Any communications to “legal@aascendora.com” or “privacy@aascendora.com” will be directed to that person or team. If you are an EU resident and require contact with an EU representative or have questions specific to GDPR, please mention this in your inquiry, and we will route it appropriately.

Office of the Australian Information Commissioner (OAIC): If you’re in Australia and feel your issue has not been resolved by us, you can contact the OAIC. They can be reached at 1300 363 992 or via their website oaic.gov.au or dlapiperdataprotection.com.

Data Protection Authorities (International): Users in the EU may contact their local DPA (for example, the ICO in the UK at ico.org.uk or other EU DPAs listed on the European Data Protection Board website). Users in other countries may contact their respective privacy regulators. We hope to resolve any issue directly, but we provide this information so you know your rights.

This Privacy Policy is published by Aascendora Pty Ltd. If you require a copy of this Policy in an alternate format (e.g., a printed copy or a copy in another language, if available), please contact us and we will do our best to accommodate.




Whatsapp chatbot Support

If any query please ask to support team