Contact: [email protected]
1. THE AWARDEE ECOSYSTEM AND PLATFORM ARCHITECTURE
1.1. Nature of the Service and Legal Status
1.1.1. Platform Definition: Awardee Pty Ltd (ABN 65 315 107 074) (“the Provider”) operates a proprietary, multi-tenant, first-party lead orchestration and customer service automation infrastructure.
1.1.2. Regulatory Role (Processor): The Provider operates as a Data Processor (as defined under the GDPR and applicable Australian privacy laws) in respect of specific Location-related operational data.
1.1.3. Regulatory Role (Controller): The Provider operates as a Data Controller (or "Business" under the CCPA/CPRA) solely in relation to the universal, platform-wide consent architecture that governs the Awardee Ecosystem.
1.1.4. Operational Classification: The Service is characterized as a "Professional Business Infrastructure" and "First-Party Orchestrator," expressly distinguished from third-party tracking or broad-spectrum data brokerage.
1.1.5. Disclosed Agent Status: The End-User acknowledges and agrees that for certain facilitated transactions or interactions, the Provider acts strictly as a Disclosed Agent for the Platform Subscriber. The ultimate contract for the provision of physical goods, services, or information is formed directly between the End-User and the relevant Location. The Provider assumes no liability for the fulfillment, quality, or accuracy of the physical services provided by the Platform Subscriber , consistent with the Physical Liability Boundary.
1.1.6. Joint Controller Clarification: In specific circumstances where the Provider and the Platform Subscriber mutually determine the purposes and means of processing End-User data—including, but not limited to, the fulfillment of digital orders, the management of loyalty integrations, or the resolution of service-related disputes—the parties shall act as Joint Controllers. In such instances, the Platform Subscriber remains the primary point of contact for Location-specific data queries , while the Provider manages platform-wide security and Attribution Synchronization.
1.2. The "Secure Orchestration Environment" Framework
1.2.1. Engagement Acknowledgment: By accessing the Service via an Access Point (QR-initiated interface, Near Field Communication (NFC) enabled hardware, or digital help pages), the End-User acknowledges and engages with the Secure Orchestration Environment architecture.
1.2.2. Data Residency and Encryption: All Personally Identifiable Information (PII) and transient technical identifiers are hosted within a Secure Orchestration Environment located in the Australia region.
1.2.3. Analytical Inference Engine (Inference and Scoring): The Platform utilizes the Analytical Inference Engine to generate Interaction Scores and de-identified audience segments based on End-User intent and behavioral signals.
1.2.4. Cross-Border Transfers: To the extent that data flows between international technology partners in the USA, Singapore, or Europe, such transfers are governed by Standard Contractual Clauses (SCCs) and the Provider’s high-tier security protocols to ensure compliance with the AU Privacy Act and GDPR.
1.3. Lead Orchestration and Attribution Synchronization
1.3.1. The Secure Bridge: The End-User acknowledges that the Provider facilitates a "secure bridge" for data synchronization between the Location, authorized Partners, and AdTech ecosystems.
1.3.2. Pseudonymization Protocol: All transmission of identifiers to third-party advertising platforms (including Meta and Google) is subject to the SHA-256 salting and hashing protocol. This process ensures that no raw, reversible PII is leaked to third parties.
1.3.3. Attribution Synchronization Logic: The Platform utilizes server-side Attribution Synchronization. This involves the issuance of a unique Pseudonymized Identifier (event_id) within the Secure Orchestration Environment that is subsequently reconciled with third-party IDs within a secure Host Browser environment to maintain attribution without reliance on third-party cookies.
1.4. Shift of Liability and Mutuality of Responsibility
1.4.1. Platform Subscriber Liability: The individual Platform Subscriber maintains absolute and final authority over the content of their specific Source Material, including but not limited to pricing, menus, and safety-critical data (e.g., allergens).
1.4.2. Partner Liability: Partners providing assets for promotional orchestration warrant the ownership of all Intellectual Property (IP) and the accuracy of product claims.
1.4.3. Technical Host Status: Awardee Pty Ltd acts strictly as a Technical Host and "Neutral Pipe". The Provider expressly disclaims liability for:
(a) Analytical Artifacts: Inaccuracies or errors generated by Analytical Inference Engine technology derived from Source Material.
(b) Third-Party IP Claims: Infringements arising from assets uploaded by Platform Subscribers or Partners.
(c) Off-Platform Communications: Any interactions, including SMS or email, occurring outside the Awardee infrastructure once an End-User has voluntarily provided contact details to a Platform Subscriber.
1.5. Universal Platform Consent (The Aggregator Model)
1.5.1. Consent Framework: Consistent with industry-standard "Aggregator Models" (e.g., Booking.com), the End-User provides Universal Platform Consent to the Awardee Ecosystem rather than individual consents to each Location.
1.5.2. Sitewide Portability: This consent is sitewide, allowing for seamless transition between different Locations within the Awardee network, subject to the End-User’s right to withdraw or modify preferences via the centralized Privacy Management Portal.
1.5.3. Cross-Session and Cross-Device Aggregation: To maintain the functional efficacy of Universal Platform Consent , the Provider may aggregate and correlate Signal Correlation data and Pseudonymized Identifiers derived from different browsing sessions or hardware devices used by the End-User. This aggregation may occur within the Secure Orchestration Environment regardless of whether the End-User is logged into a persistent account, utilizing server-side interaction history to ensure that privacy preferences and Interaction Scores remain consistent across the Awardee Ecosystem.
2. DATA COLLECTION ARCHITECTURE AND THE "SECURE ORCHESTRATION ENVIRONMENT" PROTOCOL
2.1. Categories of Data Collection and Processing
2.1.1. Voluntary End-User Provided Information: The Provider collects and processes Personally Identifiable Information (PII) including, but not limited to, names, electronic mail addresses, and mobile telephone numbers expressly provided by the End-User via digital forms, real-time messaging interfaces, or Analytical Inference Engine sessions.
2.1.2. Transient Image Data and Real-Time Processing:
(a) The End-User may upload photographic or digital imagery for the purpose of real-time Analytical Inference Engine contextual analysis (e.g., room facility identification or
menu interpretation).
(b) Such imagery is classified as "Transient Data." The Provider utilizes automated technical guardrails to ensure that all metadata, including EXIF and GPS location
coordinates, are stripped immediately upon upload to prevent unintentional PII retention.
**
(c) The Provider warrants that Transient Data is processed in volatile memory for the duration of the active session and is not committed to a permanent Source Material
archive or long-term storage.
2.1.3. Inferred and Behavioral Signals: The system utilizes Signal Correlation and AI-driven "Interaction Scoring" to analyze End-User intent (e.g., specific interest in dietary preferences or product categories). These signals are aggregated into anonymous audience segments and de-identified interest profiles.
2.1.4. Communication Safety and Ecosystem Risk Mitigation: The Provider utilizes the Analytical Inference Engine and automated monitoring systems to analyze communications transmitted via the digital messenger interface. The Provider reserves the right to programmatically flag, restrict, or block any communications deemed malicious, fraudulent, or high-risk to the Secure Orchestration Environment or the Platform Subscriber. The End-User acknowledges that such analysis is a mandatory security feature and does not constitute a manual review of private correspondence by the Provider’s personnel, consistent with the Provider's status as a Technical Host and Neutral Pipe.
2.1.5. Special Category Data and Persistent Memory: While the Analytical Inference Engine primarily processes de-identified Source Material, the End-User may voluntarily provide information related to health requirements (e.g., food allergens) or accessibility needs. The End-User acknowledges that the Provider will not commit such information to persistent "memory" or utilize it for future Signal Correlation without obtaining a separate, contemporaneous, and explicit AI Inferred Memory Consent at the moment of the request. Such data is treated with heightened security protocols and may be deleted or modified at any time via the OTP-Verified Privacy Management Portal.
2.1.6. Global Data Source and Access Point Declaration: In accordance with 2026 transparency mandates, the Provider declares that all data utilized for Signal Correlation or targeting is tagged with its specific physical origin point. The End-User acknowledges that the Provider records the specific modality of the engagement—whether initiated via a QR-code scan, Near Field Communication (NFC) chip tap, or direct digital link—to establish contextual relevance and verify the integrity of the Access Point interaction. This source metadata is utilized strictly for service optimization and Attribution Synchronization and is governed by the Provider's Cyclical Data Minimization protocols.
2.2. The Secure Orchestration Environment (Server-Side Identification and Security)
2.2.1. Server-Side Orchestration: In lieu of traditional third-party browser cookies, which are subject to client-side blocking and security vulnerabilities, the Provider utilizes a proprietary Secure Orchestration Environment hosted via Supabase in the Australia region.
2.2.2. Technical Identifiers: The Secure Orchestration Environment manages and secures server-side Pseudonymized Identifiers, including but not limited to event_id, fbp, and fbc.
2.2.3. The S2S Protocol: These identifiers are orchestrated within a secure Server-to-Server (S2S) environment to prevent unauthorized third-party access and to ensure data integrity during Attribution Synchronization with partner APIs.
2.2.4. Hashing and Salting: All sensitive identifiers are subjected to SHA-256 salting and hashing locally on the Provider’s server before any Attribution Synchronization occurs with advertising platforms (Meta/Google), ensuring that PII is rendered pseudonymized and non-reversible.
2.3. Data Retention and Cyclical Data Minimization
2.3.1. Behavioral Data Minimization: To satisfy the "Right to be Forgotten" and data minimization principles under GDPR and the Australian Privacy Act, the Provider implements Cyclical Data Minimization. All behavioral signals, detailed chat logs, and specific interaction histories are programmatically deleted every 30 days.
2.3.2. Statutory Compliance Archive: Notwithstanding section 2.3.1, the Provider shall retain Consent Records, privacy preference logs, and billing metadata for a period of seven (7) years to comply with Australian taxation, corporate, and consumer law requirements.
2.4. Allocation of Risk and Liability
2.4.1. End-User Liability for Third-Party PII: The End-User is strictly prohibited from uploading or transmitting the PII of third parties or sensitive personal data (e.g., health or financial records) into the Analytical Inference Engine.
2.4.2. Platform Subscriber Metadata Responsibility: While the Provider employs automated metadata stripping as a Technical Redundancy, the Platform Subscriber remains legally liable for ensuring that any data or images uploaded by their employees to the Source Material have been scrubbed of sensitive PII or commercially sensitive information.
2.4.3. Cross-Border Breach Protection: In the event of a suspected data breach within the Secure Orchestration Environment, the Provider shall trigger notification protocols consistent with the Notifiable Data Breaches (NDB) scheme in Australia and relevant global regulations, provided that the underlying data remains pseudonymized via the hashing protocols described in 2.2.4.
3. DATA SYNCHRONIZATION, AUDIENCE ORCHESTRATION, AND THE ATTRIBUTION SYNCHRONIZATION PROTOCOL
3.1. Pseudonymization and Cryptographic Hashing Standards
3.1.1. The Hashing Mandate: Prior to the transmission of any End-User-derived identifier to third-party advertising ecosystems (including but not limited to Meta and Google), the Provider shall perform local, server-side cryptographic obfuscation within the Secure Orchestration Environment.
3.1.2. SHA-256 Salting Protocol: The Provider shall utilize the SHA-256 hashing algorithm enhanced by a unique "Salt" to ensure that Personally Identifiable Information (PII) is rendered Pseudonymized and mathematically non-reversible.
3.1.3. Zero PII Leakage Warranty: This protocol is designed to satisfy "Privacy by Design" requirements under the GDPR and the Australian Privacy Act, ensuring that raw identifiers (such as clear-text email addresses or mobile numbers) are never exposed to, or readable by, unauthorized third-party entities.
3.2. The Intermediary Redirect Protocol and App-to-App Orchestration
3.2.1. Mechanism of Handoff: Upon the End-User providing express, affirmative consent to a "Personalized Experience," the Provider facilitates a technical "App-to-App handoff".
3.2.2. The ig.me Protocol: This handoff utilizes specialized deep links (e.g., ig.me) recognized by mobile operating systems to transition the End-User from a Host Browser directly into a third-party application environment (such as the Instagram In-App Browser).
3.2.3. Identity Merging: This protocol allows third-party platforms to reconcile anonymous session signals—managed via the Provider’s server-side Pseudonymized Identifiers—with the End-User’s existing authenticated social profile.
3.2.4. End-User Consent Dependency: The End-User acknowledges that such merging is contingent upon the End-User having maintained active tracking consents within the respective third-party platform's settings; the Provider acts strictly as the "First-Party Orchestrator" of the transition.
3.2.5. Multi-Modal Attribution Disclosure: The End-User acknowledges that Attribution Synchronization encompasses multiple interaction types to ensure accurate Signal Correlation. These include: (a) Click-Through Attribution, recorded when an End-User explicitly engages with a digital link or Intermediary Redirect Protocol interface ; and (b) Engage-Through Attribution, recorded when an End-User performs a high-intent action within a Partner's environment, such as saving, reacting to, or sharing Source Material. Both modalities are utilized within the Secure Orchestration Environment to calculate Interaction Scores and facilitate relevant remarketing via the S2S Protocol.
3.3. Technical Guardrails and Consent Gating
3.3.1. Pre-Bridge Consent Gate: The Provider warrants that no third-party marketing pixels shall fire, nor shall any Attribution Synchronization be initiated, until the End-User has affirmatively engaged with the "Agree" or "Personalized Experience" selection within the Consent Manager.
3.3.2. Redirection Transparency: The End-User shall be presented with an Intermediary Redirect Protocol interface (a "Bridge Page") confirming their intent to sync current session signals with Partners for the purpose of receiving relevant offers.
3.4. Allocation of Risk and Liability (Mutuality)
3.4.1. Provider Liability: The Provider is responsible for the technical integrity of the Pseudonymization protocol and the secure management of Pseudonymized Identifiers within the Australia-hosted Secure Orchestration Environment.
3.4.2. Subscriber and Partner Liability: The Platform Subscriber and its Partners acknowledge that the Provider does not provide raw guest lists or unhashed data. The Platform Subscriber and Partner assume all legal risk associated with the use of these de-identified "Audience Segments" within their respective third-party advertising accounts.
3.4.3. Third-Party Platform Liability: Once the End-User transitions via the Intermediary Redirect Protocol, the Provider expressly disclaims any liability for the data handling, privacy practices, or "shadow profiling" performed by third-party platforms over which the Provider exercises no control.
3.4.4. Analytical Artifact Disclaimer: To the extent that AI summaries or Interaction Scores influence the audience segments provided to Partners, the Provider is not liable for Analytical Artifacts or inaccuracies in the underlying intent signals derived from Source Material.
4. ANALYTICAL INFERENCE ENGINE PROTOCOLS, SAFETY LIMITATIONS, AND OPERATIONAL RECORD-KEEPING
4.1. The AI Interaction Framework and "Manual Verification Protocol" Integration
4.1.1. Technical Methodology: The Provider utilizes the Analytical Inference Engine, incorporating commercial-grade Large Language Models (LLMs), to process Platform Subscriber-specific Source Material and facilitate real-time automated customer service.
4.1.2. Escalation and Operational Records: In the event the Analytical Inference Engine is unable to satisfy an End-User query with a high-confidence response, the query is automatically categorized and stored as an "Operational Record".
4.1.3. Manual Review: These Operational Records are made available to the Platform Subscriber via the Administrative Dashboard to facilitate manual human intervention, asynchronous communication, and iterative improvements to the Source Material.
4.1.4. Transient Data Analysis: Where an End-User initiates an image-based query (e.g., analyzing Location facilities), the Analytical Inference Engine processes the image data to provide contextual answers. Such imagery is treated strictly as Transient Data, processed in volatile memory, and is never integrated into a permanent archive or the public Source Material.
4.1.5. Dynamic Conversation Personalization: The End-User acknowledges that the Analytical Inference Engine may utilize the historical context of an active session to personalize the interaction experience. This personalization includes, but is not limited to, the prioritization of specific Source Material or the selection of relevant Partner Source Material based on previously established Signal Correlation (intent). Such personalization is generated in real-time within the Secure Orchestration Environment and is subject to the Cyclical Data Minimization purge protocols.
4.2. Absolute Disclaimer of Professional Advice and Accuracy
4.2.1. "As-Is" Provision: All Analytical Inference Engine-generated outputs, responses, and summaries are provided on an "as-is" and "as-available" basis for general informational purposes only.
4.2.2. Exclusion of Liability for Analytical Artifacts: To the maximum extent permitted by the Australian Consumer Law and relevant global statutes, the Provider and its Platform Subscribers expressly disclaim all liability for Analytical Artifacts (hallucinations), algorithmic biases, or technical inaccuracies.
4.2.3. No Specialist Advice: Under no circumstances shall Analytical Inference Engine content be construed as legal, medical, financial, or professional safety advice.
4.3. Health, Safety, and Allergen Indemnity
4.3.1. Safety-Critical Verification: The End-User acknowledges that outputs regarding safety-critical information—including dietary requirements, ingredient composition, allergens, or emergency protocols—carry inherent risks of error.
4.3.2. Mandatory Manual Verification Requirement: The End-User is strictly required to verify all health and safety-related information with the Location's on-site human staff prior to consumption or reliance.
4.3.3. Critical Safety Override: The Provider implements the Critical Safety Override—a proprietary, immutable master instruction layer—designed to prevent the provision of medical or safety advice. The failure of such technical guardrails does not waive the End-User's duty to verify information manually.
4.4. Mutuality and Shift of Liability
4.4.1. Platform Subscriber as Primary Publisher: The Platform Subscriber maintains final authority over, and legal responsibility for, the accuracy and integrity of the Source Material provided to the Analytical Inference Engine.
4.4.2. Indemnity for Inaccurate Data: The Platform Subscriber shall indemnify, defend, and hold harmless the Provider against any third-party claims arising from inaccuracies in the Source Material (e.g., incorrect allergen labeling or misleading facility descriptions).
4.4.3. Provider’s Technical Limitation: The Provider’s role is strictly limited to that of a Technical Host and Neutral Pipe. The Provider does not independently audit the Source Material for factual correctness regarding the Location's physical operations.
4.4.4. Content Certification Logs: To satisfy compliance requirements, the Provider maintains an "Approval Audit Log" documenting when a Platform Subscriber admin last Executed Content Certification, warranting the Source Material is accurate and safe for processing.
5. DATA RESIDENCY, RETENTION, AND CYCLICAL DATA MINIMIZATION PROTOCOLS
5.1. Geographic Data Residency and Sovereign Hosting
5.1.1. Primary Jurisdiction: All core platform data, including the Secure Orchestration Environment architecture and central Analytical Inference Engine logic, is primarily hosted and stored within the Australia region utilizing the Supabase backend infrastructure.
5.1.2. Cross-Border Data Flows: While primary residency is maintained in Australia, the End-User acknowledges that Attribution Synchronization with international technology Partners (e.g., Meta, Google, OpenAI) may involve transient data flows through the United States, Singapore, or Europe.
5.1.3. Standard Contractual Clauses (SCCs): To the extent that such flows constitute a transfer of data outside of the primary jurisdiction, the Provider warrants that such transfers are governed by Standard Contractual Clauses (SCCs) or equivalent adequacy mechanisms to ensure compliance with the GDPR and the Australian Privacy Act.
5.2. Data Minimization and the "Cyclical Data Minimization" Mandate
5.2.1. Behavioral Minimization: In adherence to "Privacy by Design" and data minimization principles mandated by GDPR Article 5(1)(c) and the Australian Privacy Act, the Provider implements a strict Cyclical Data Minimization protocol.
5.2.2. Scope of Deletion: This automated script (Cron job) programmatically deletes all granular Signal Correlation data, including specific interaction histories, detailed Analytical Inference Engine chat logs, and intent-based scoring, every thirty (30) days.
5.2.3. Risk Mitigation: The End-User and Platform Subscriber acknowledge that this purge is a proactive Technical Redundancy designed to reduce the "data footprint" and limit potential exposure in the event of a cross-border data breach.
5.3. Statutory Compliance Archive and Legal Records
5.3.1. Extended Retention Categories: Notwithstanding the provisions of section 5.2, certain metadata is exempt from the 30-day purge to satisfy overriding legal and fiscal obligations.
5.3.2. Fiscal and Tax Records: All Stripe-related billing metadata, transaction invoices, and financial audit trails are retained within the Statutory Compliance Archive for a period of seven (7) years in accordance with Australian Taxation Office (ATO) requirements and corporate law.
5.3.3. Consent and Compliance Logs: The Provider shall maintain a permanent Consent Record—including timestamps of platform-wide privacy agreements and withdrawal requests—for a period of seven (7) years to demonstrate regulatory compliance and satisfy Privacy Management Portal audit requirements.
5.4. Mutuality and Technical Liability Shift
5.4.1. Provider’s Technical Warranty: The Provider is solely responsible for the maintenance and execution of the automated deletion scripts within the Awardee infrastructure.
5.4.2. Subscriber-Side Retention: Where a Platform Subscriber exports data from the Platform or receives Operational Records via external email or third-party messenger integrations, the liability for the lawful retention or deletion of that off-platform data shifts entirely to the Platform Subscriber.
5.4.3. Third-Party Handoff: The Provider is not responsible for the retention policies of third-party advertising platforms once Attribution Synchronization has been completed and the data has been ingested into those external ecosystems.
5.4.4. Right to Erasure: End-Users may trigger an immediate, manual total wipe of their PII and Pseudonymized Identifiers—overriding standard retention periods—via the OTP-Verified Privacy Management Portal
6. DATA SUBJECT RIGHTS AND THE CENTRALIZED PRIVACY MANAGEMENT PORTAL
6.1. Statutory Compliance and Scope of Rights
6.1.1. Regulatory Alignment: In strict accordance with the General Data Protection Regulation (GDPR) (specifically the Right to Erasure under Article 17 and Right of Access under Article 15) , the California Consumer Privacy Act (CCPA/CPRA) , and the Australian Privacy Principles (APP) , the Provider grants the End-User comprehensive rights to manage their personal data ecosystem.
6.1.2. Privacy by Design: To prevent "Consent Ghosting" and ensure high-tier transparency, the Provider maintains a centralized, high-security portal for the exercise of these rights.
6.1.3. Universal Ecosystem Application: The rights defined herein apply across the entire Awardee Ecosystem, encompassing all physical Locations and digital interfaces hosted under the awardee.com, awardee.com.au, and award.ee domains.
6.1.4. Automated Flagging and Anti-Gaming Transparency: The Platform Subscriber and End-User acknowledge that the Analytical Inference Engine utilizes automated fraud detection logic to maintain the security of the Secure Orchestration Environment. In the event an account is flagged or restricted for suspected fraudulent activity, the Provider reserves the right to withhold the specific technical Signal Correlation or "red-flag" criteria to prevent system gaming or circumvention of security protocols. Notwithstanding this restriction, the End-User or Platform Subscriber maintains the right to request a manual human review of any such automated restriction via the OTP-Verified Privacy Management Portal.
6.2. The Centralized OTP Privacy Management Portal
6.2.1. OTP Verification Protocol: Access to the Privacy Management Portal is governed by a One-Time Password (OTP) verification system . The End-User must provide the primary email address associated with their profile to receive a unique cryptographic code, ensuring that data access or erasure requests are authenticated.
6.2.2. Right of Access (Information Transparency): Upon successful authentication, the End-User may view the categories of PII held within the Australia-based Secure Orchestration Environment, including Consent Records and any associated Pseudonymized Identifiers.
6.2.3. Right to Erasure (The "Total Wipe"): The End-User may trigger a "total wipe" of their digital footprint within the Awardee environment. This action results in the permanent deletion or irreversible anonymization of:
(a) PII: All raw data including names, emails, and phone numbers;
(b) Pseudonymized Identifiers: All SHA-256 hashed codes and session-specific event_id records;
(c) Signal Correlation Records: Any residual interaction scoring or intent-based segments not yet removed by the Cyclical Data Minimization cycle.
6.3. Universal Opt-Out and Preference Refresh
6.3.1. Platform-Wide Synchronization: Withdrawing consent for data orchestration at a specific Location shall automatically apply platform-wide across the entire Awardee infrastructure.
6.3.2. Periodic Re-Prompting: To avoid "Dark Pattern" penalties and ensure ongoing compliance, the system will periodically re-prompt the End-User to refresh or review their marketing preferences—categorized as a "Preference Refresh"—when visiting new Location types or during significant feature updates .
6.4. Mutuality and Shift of Liability
6.4.1. Provider Responsibility: Awardee is solely responsible for the technical functionality of the Privacy Management Portal and the immediate propagation of deletion requests across the Secure Orchestration Environment.
6.4.2. Third-Party Disconnection: The End-User acknowledges that a "total wipe" within the Awardee Platform cannot retroactively delete data that has already been synchronized via Attribution Synchronization with third-party platforms prior to the deletion request. The End-User must exercise their "Right to be Forgotten" directly within those third-party environments.
6.4.3. Platform Subscriber Records: Where an End-User has provided contact details directly to a Platform Subscriber resulting in off-platform communications, the Platform Subscriber is the sole "Data Controller" for those specific records. Awardee disclaims all liability for the failure of a Platform Subscriber to delete data held in their private, off-platform infrastructure.
6.4.4. Statutory Retention Exception: The Provider reserves the right to retain de-identified billing metadata and Consent Records for seven (7) years as required by Australian corporate and tax law, notwithstanding a general erasure request.