Privacy Policy
1. Introduction
Willow Compliance Pty Ltd, an Australian company, respects your privacy and is committed to protecting your personal information.
This Privacy Policy explains how we collect, use, disclose and safeguard your personal data when you visit our website heywillow.ai, interact with us, or use our services.
We comply with:
The Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles
The General Data Protection Regulation (EU) 2016/679 (GDPR)
Other applicable data protection laws where relevant
By using our website, you agree to the terms of this Privacy Policy.
2. Who We Are
Willow Compliance Pty Ltd is an Australian-based company that provides AI-powered compliance software for healthcare, aged care and disability service providers.
If you are located in the European Union or United Kingdom, Willow Compliance Pty Ltd acts as the data controller in relation to personal data collected through our website.
3. What Personal Information We Collect
We may collect the following categories of personal information:
Information You Provide Directly
When you submit a web enquiry form, book a demo or contact us, we may collect:
Full name
Organisation name
Job title
Email address
Phone number
Industry sector
Any additional information you include in your message
Newsletter and Marketing Subscriptions
If you subscribe to updates, we may collect:
Name
Email address
Communication preferences
Technical and Usage Information
When you visit our website, we may automatically collect:
IP address
Browser type and version
Device type
Operating system
Pages visited
Time and date of visit
Referral source
Referral source
This data may be collected through cookies and analytics tools, subject to your consent where required.
4. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to:
Improve website functionality
Analyse traffic and usage patterns
Enhance user experience
Support marketing and remarketing activities
For users located in the European Union, United Kingdom or other jurisdictions requiring consent, we use a GDPR-compliant cookie consent banner.
You may:
Accept all cookies
Reject non-essential cookies
Customise your preferences
You can also manage cookies through your browser settings.
5. Legal Bases for Processing (GDPR)
If you are located in the EU or UK, we process your personal data under the following lawful bases:
Consent, where you have provided clear permission
Contractual necessity, where processing is required to provide requested services
Legitimate interests, such as improving our services and preventing fraud
Legal obligation, where required under applicable law
You may withdraw consent at any time by contacting us.
6. How We Use Your Information
We use personal information to:
Respond to enquiries and demo requests
Provide information about our products and services
Send marketing communications where permitted
Improve website performance and user experience
Analyse usage trends
Comply with legal obligations
Protect our rights and prevent misuse
We do not sell personal information.
7. Disclosure of Personal Information
We may disclose your information to:
IT and hosting providers
Analytics providers
CRM and marketing automation platforms
Professional advisers
Regulatory authorities where required by law
All third-party providers are required to handle your information securely and in accordance with applicable data protection laws.
8. International Data Transfers
As an Australian company, your information may be stored or processed in Australia or other jurisdictions where our service providers operate.
Where personal data is transferred outside the EU or UK, we implement appropriate safeguards such as:
Standard Contractual Clauses
Contractual data protection obligations
Secure cloud hosting arrangements
9. Data Retention
We retain personal information only for as long as necessary to:
Fulfil the purposes described in this policy
Comply with legal obligations
Resolve disputes
Enforce agreements
Marketing data is retained until you unsubscribe or request deletion.
10. Security of Personal Information
We take reasonable technical and organisational measures to protect personal information from:
Unauthorised access
Loss or misuse
Alteration
Disclosure
These measures may include:
Encryption in transit
Secure hosting environments
Access controls
Role-based permissions
Regular monitoring and review
No system can guarantee absolute security, but we actively manage and improve our safeguards.
11. Your Rights
Under Australian law, you have the right to:
Request access to your personal information
Request correction of inaccurate information
Under GDPR (if applicable), you may also have the right to:
Access your personal data
Rectify inaccurate data
Rectify inaccurate data
Restrict processing
Object to processing
Data portability
Withdraw consent
To exercise your rights, contact us at privacy@heywillow.ai.
12. Marketing Communications
You may opt out of marketing communications at any time by:
Clicking the unsubscribe link in our emails
Contacting us directly
Transactional or service-related communications may still be sent where necessary.
13. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites.
14. Children’s Privacy
Our website and services are intended for business users and are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
The updated version will be published on this page with a revised effective date.
16. Complaints
If you believe we have breached applicable privacy laws, please contact us first so we can address your concerns.
Australian residents may also lodge a complaint with:
Office of the Australian Information Commissioner https://www.oaic.gov.au
EU residents may lodge a complaint with their local supervisory authority.
17. Contact Us
Ready to Move From Reactive to Continuous Compliance?
See how Willow supports structured governance, real-time monitoring, and audit-ready operations.