Entity: Kicking Pixels Group (ABN 13 136 066 496)
Brands: Gatheroo | Kicking Pixels | MyWebAdvantage
Contact: support@kickingpixels.com.au
Last Reviewed: 14 April 2026
1. Introduction
Welcome to Kicking Pixels Group (ABN 13 136 066 496), encompassing Gatheroo, Kicking Pixels, and MyWebAdvantage (“we”, “us”, or “our”). We are committed to protecting your privacy and handling personal information responsibly.
This Privacy Policy explains how we collect, use, disclose, and protect personal information across all our brands and websites. We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we interact with individuals in the UK or EU, we also comply with the UK GDPR and EU GDPR respectively.
We operate under an ISO 27001-certified Information Security Management System (ISMS), providing a structured framework for continuously managing and improving our security and privacy practices.
2. About Our Services and Our Role
We operate three brands under Kicking Pixels Group:
- Gatheroo (gatheroo.io) — a SaaS platform that enables businesses to securely collect documents and information from their clients.
- Kicking Pixels (kickingpixels.com.au) — web development services, primarily using WordPress.
- MyWebAdvantage (mywebadvantage.com.au) — web solutions for small businesses.
2.1 Data Controller vs Data Processor | Gatheroo
For users of the Gatheroo platform, it is important to understand the following distinction:
| Gatheroo Customers (Businesses) | Kicking Pixels Group (Gatheroo) |
| Data Controller The business using Gatheroo determines what data is collected from their clients and why. |
Data Processor We process and store that data on the customer’s behalf, under their instructions. |
If you have submitted documents or information through a Gatheroo portal at the request of a business, your primary point of contact for privacy queries regarding that data is the business that invited you, not Kicking Pixels Group directly.
Our obligations as a data processor are detailed in our Data Processing terms, referenced in our Gatheroo Terms and Conditions. Data collected through Gatheroo portals is stored securely and is not used by Kicking Pixels for any purpose other than providing the Gatheroo service.
Data collected via our own websites (kickingpixelsgroup.com.au, kickingpixels.com.au, mywebadvantage.com.au) is subject to this Privacy Policy in full, with Kicking Pixels Group acting as the data controller.
3. Information We Collect
3.1 Personal Information
We may collect the following personal information when you interact with our websites or services:
- Name and contact details (email address, phone number, business address)
- Business details and professional information
- Account information (username, preferences, login credentials)
- Payment information, processed securely by our third-party payment provider (Stripe); we do not store card details
3.2 Automatically Collected Information
When you visit our websites, we may automatically collect:
- IP address and approximate location
- Browser type, version, and device information
- Pages visited, time spent, and navigation paths
- Referring URLs
3.3 Information You Submit
Information provided through contact forms, support requests, enquiries, or other communications you initiate with us.
We do not collect sensitive information (as defined under the Privacy Act) unless it is strictly necessary and you have provided explicit consent.
4. How We Use Your Information
We use personal information only for the purposes for which it was collected, including:
- Delivering, operating, and improving our websites and services
- Responding to enquiries and providing customer support
- Processing payments securely
- Sending marketing communications — only with your explicit consent
- Analysing website performance to improve user experience
- Meeting our legal and regulatory obligations
We do not sell your personal data. We do not use your data for purposes unrelated to the services you have engaged us for.
5. Legal Basis for Processing
5.1 Australian Users (Privacy Act 1988)
We collect and handle personal information in accordance with the Australian Privacy Principles (APPs). Our primary bases for collection are:
- With your consent
- Where necessary to provide services you have requested
- To comply with a legal obligation
- For our legitimate business interests, where these do not override your privacy rights
5.2 UK and EU Users (UK GDPR / EU GDPR)
If you are located in the UK or EU, we rely on the following lawful bases:
- Consent, where you have clearly opted in
- Contract, where processing is necessary to fulfil a service agreement
- Legal obligation, where we are required to process data by law
- Legitimate interests, for example, improving our services, provided this does not override your rights
6. Automated Decision-Making
We do not use automated decision-making or profiling processes that produce legal or similarly significant effects on individuals. If this changes, we will update this Privacy Policy and notify affected users as appropriate.
7. Your Rights
7.1 Australian Users
Under the Privacy Act 1988 and the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you (APP 12)
- Request correction of inaccurate or incomplete information (APP 13)
- Make a complaint about how we have handled your personal information
7.2 UK and EU Users
In addition to the above, if you are in the UK or EU you also have the right to:
- Request erasure of your personal data (“Right to be Forgotten”)
- Restrict or object to certain processing activities
- Receive a portable copy of your data
- Withdraw consent at any time, without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us at support@kickingpixels.com.au. We aim to acknowledge all requests within 5 business days and respond in full within 30 days. Where a request is complex or involves a large volume of data, we may extend this period by a further 30 days and will notify you accordingly.
8. Cookies and Tracking Technologies
8.1 What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They help websites function correctly, remember your preferences, and provide analytics information.
8.2 Cookies We Use
| Type | Purpose | Examples |
| Essential | Core website functionality and security | Session management, login state |
| Analytics | Understand how visitors interact with our sites | Google Analytics |
| Advertising | Deliver relevant advertising (with consent only) | Facebook Pixel, Google Ads |
8.3 Managing Your Cookie Preferences
When you first visit our websites, you will be presented with a cookie consent banner. You can choose which categories of cookies to accept. You may update your preferences at any time through the consent manager on the site, or by adjusting your browser settings. Disabling essential cookies may affect website functionality.
For more information about how our third-party providers use cookies, please refer to their respective privacy policies: Google Privacy Policy (analytics and advertising) and Meta Privacy Policy (Facebook Pixel).
9. Data Security
We take the security of your personal information seriously. Our security measures include:
- Encryption of data in transit (TLS) and at rest
- Strict access controls and multi-factor authentication
- Regular security assessments and vulnerability reviews
- Staff training on data protection and security awareness
- Documented incident response procedures
We are certified to ISO 27001 (Information Security Management), which means our security practices are independently verified against an internationally recognised standard. Our certification covers our Gatheroo SaaS platform and supporting infrastructure.
Notwithstanding these measures, no system is completely immune to risk. We encourage you to use strong, unique passwords and to contact us promptly if you suspect any unauthorised activity involving your account.
10. Data Breach Notification
We maintain an Incident Response Policy that sets out how we detect, contain, and respond to data security incidents.
In the event of a data breach that is likely to result in serious harm to affected individuals, we will notify those individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme (Part IIIC of the Privacy Act 1988). Where required, we will also notify relevant authorities in the UK or EU.
We will provide notification as soon as practicable, including a description of the breach, the types of information involved, and the steps you can take to protect yourself.
11. Data Retention and Deletion
We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our standard retention periods are:
| Data Category | Retention Period | Basis |
| User account data | While account is active | Service delivery |
| Payment records | 7 years | ATO / tax obligations |
| Marketing data | Until consent withdrawn | Consent |
| Support / enquiry records | 3 years | Legitimate interest |
| Gatheroo portal data | Per customer agreement | Contractual obligation |
| Website analytics data | 26 months (Google Analytics default) | Legitimate interest |
After the applicable retention period, personal data is securely deleted or anonymised. You may request early deletion of your data — see Section 7 (Your Rights) for details.
12. Third-Party Services and Subprocessors
We work with trusted third-party providers to deliver our services. Where these providers process personal data on our behalf, we ensure they are subject to appropriate contractual data protection obligations and security requirements.
| Provider | Category | Purpose |
| AWS | Cloud hosting | Infrastructure for Gatheroo platform |
| WP Engine | Web hosting | WordPress website hosting |
| Stripe | Payment processing | Secure payment processing (we do not store card data) |
| Google Analytics | Analytics | Website usage analytics (with cookie consent) |
| Meta (Facebook Pixel) | Advertising | Advertising attribution (with cookie consent) |
| Google Ads | Advertising | Search and display advertising (with cookie consent) |
In the event of a business restructure, merger, or acquisition, personal data may be transferred to the relevant parties under confidentiality obligations consistent with this policy.
13. International Data Transfers
Some of our third-party service providers (including AWS and Stripe) may process or store data outside of Australia. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:
- Contractual protections (such as Standard Contractual Clauses for EU/UK data)
- Engaging only providers that maintain recognised security certifications (such as ISO 27001 or SOC 2)
- Data processing agreements that require equivalent levels of data protection
We do not knowingly transfer personal data to countries that do not have adequate data protection frameworks without implementing appropriate safeguards.
14. Privacy Complaints
If you believe we have not handled your personal information in accordance with this policy or the Australian Privacy Principles, we encourage you to contact us first so we can resolve your concern.
Our complaint process:
- Submit your complaint to support@kickingpixels.com.au, describing the issue and the outcome you are seeking.
- We will acknowledge your complaint within 5 business days.
- We will investigate and respond with our findings and any remediation steps within 30 days.
- If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, or for UK/EU matters, to the relevant supervisory authority in your jurisdiction.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. The current version will always be available on our websites with the effective date shown at the top of the page.
Where we make material changes, we will notify you by email (where we hold your address) or by a prominent notice on our websites prior to the changes taking effect.
16. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or how we handle your personal information, please contact us:
| Entity | Kicking Pixels Group |
| ABN | 13 136 066 496 |
| support@kickingpixels.com.au | |
| Web | kickingpixelsgroup.com.au/contact-us/ |
| Privacy Officer | Administrative Lead |
Document Version History
| Version | Date | Author | Summary of Changes |
| 1.0 | 25 April 2025 | Kicking Pixels Group | Initial version |
| 2.0 | 10 April 2026 | Kicking Pixels Group | Added Gatheroo data processor disclosure, NDB scheme, complaint process, cookie consent detail, ABN, version history, AU/EU rights separation, retention table, subprocessor table |