Privacy Policy

This Privacy Policy explains how Vicinia Pty Ltd (ABN 70 653 966 637), trading as Hamlet (“Hamlet“, “we“, “us“, “our“), collects, uses, discloses, stores, and otherwise handles personal information.

We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and, where applicable, the EU and UK General Data Protection Regulations (GDPR).

1. About this Policy

1.1 Who we are

Hamlet provides a cloud-based platform for managing flexible workspaces, coworking spaces, serviced offices, hospitality environments, and shared facilities. Our customers are typically business operators of those spaces.

1.2 The two roles in which we handle personal information

Our handling of personal information falls into two distinct categories:

(a) Where Hamlet is the APP entity (controller). We collect personal information directly from individuals — including prospective customers, customer staff and administrators, website visitors, applicants, suppliers, and event attendees — for our own business purposes. This Privacy Policy primarily addresses how we handle that information.

(b) Where Hamlet acts as a service provider (processor) on behalf of a customer. When operators of workspaces use the Hamlet platform, they upload and process personal information about their own members, guests, employees, contractors, and end users. In those cases, our customer is the APP entity responsible for that information, and their privacy policy governs how it is handled. Hamlet processes that information on the customer’s behalf in accordance with our Services Agreement and (where applicable) a Data Processing Addendum.

If you are a member, guest, or end user of a Hamlet customer and have questions about your personal information, please contact that customer directly in the first instance. Section 17 of this policy provides additional information about how we handle personal information processed on behalf of our customers.

1.3 Scope

This Policy applies to:

• our website at hamletco.space and any associated sites or domains we operate;
• the Hamlet platform and mobile and web applications;
• our marketing, sales, support, and business activities;
• any other interaction you have with us.

2. What is Personal Information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not. This includes information such as your name, contact details, identifiers, device information, and information about how you use our services.

Sensitive information is a sub-category of personal information that includes information about a person’s health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, biometric data, and similar matters. We do not generally collect sensitive information about you, and where we do, we will only do so with your consent or as otherwise permitted by law.

3. Personal Information We Collect

3.1 Information you voluntarily provide

We may collect personal information that you knowingly provide when you:

• register for an account, demo, or trial;
• request a quote, proposal, or sales contact;
• subscribe to our newsletter or other communications;
• attend our events, webinars, or training sessions;
• contact our support, sales, or other teams;
• apply for a role with us;
• participate in surveys, research, or marketing activities.

This may include your name, business name, role, email address, phone number, postal address, social media profile information, and any other information you choose to provide.

3.2 Information collected automatically

When you use our website or services, we may automatically collect:

• Log data — your IP address, browser type and version, pages visited, time and date of visit, time spent, referrer URL, and similar information;
• Device data — device type, operating system, unique device identifiers, screen size, and similar information;
• Usage data — interactions with our website and platform, including features used, click paths, and session information;
• Approximate location data — derived from your IP address or, where permitted, more precise location data from your device with your consent;
• Error data — technical details about errors you encounter and the circumstances around them.

3.3 Information from third parties

We may receive personal information about you from:

• our customers (in the context described in section 1.2(b) and section 17);
• referrers, partners, or resellers;
• public sources such as LinkedIn or business directories (for sales prospecting, where lawful);
• service providers who assist us in delivering our services;
• credit reporting bodies, fraud prevention services, or background check providers (where applicable);
• recruiters or referees in connection with employment applications.

3.4 Sensitive information

We do not seek to collect sensitive information through the Hamlet platform. Customers must not use the platform to process sensitive information without our prior written agreement (see our Services Agreement, clause 4).

In limited circumstances we may collect sensitive information directly — for example, dietary or accessibility requirements you provide for an event — and only with your consent.

4. How We Collect Personal Information

We collect personal information:

• directly from you when you provide it through our website, platform, communications, or events;
• automatically through our website and platform (including via cookies and similar technologies — see section 7);
• from third parties (see section 3.3);
• through publicly accessible sources where lawful.

Where it is lawful and practicable, you have the option of dealing with us anonymously or under a pseudonym. However, this may not be possible for many of our services (such as creating an account or processing payments).

5. Why We Collect Personal Information (Purposes)

We collect, use, and disclose personal information only for purposes reasonably necessary to our functions and activities, including to:

• enable you to access and use our website, applications, and platform;
• provide and operate the Services under our Services Agreement;
• communicate with you about your account, services, and support requests;
• send service announcements, billing notices, and security alerts;
• conduct sales and marketing activities (subject to your preferences and section 6);
• understand how our website and platform are used, and to improve them;
• develop new features, products, and services, including AI features (subject to section 12);
• detect, prevent, and investigate security incidents, fraud, abuse, and breaches of our terms;
• comply with our legal, regulatory, accounting, and reporting obligations;
• exercise or defend our legal rights;
• recruit and assess job applicants;
• manage corporate transactions (see section 19).

We will only use your personal information for purposes that are directly related to those listed above, or for other purposes with your consent or as permitted by law.

6. Direct Marketing (APP 7)

We may use your personal information to send you direct marketing communications about our products, services, and events that we think may be of interest to you.

You can opt out of direct marketing at any time by:

• using the unsubscribe link in our marketing emails;
• contacting us at privacy@hamletco.space;
• updating your communication preferences in your account.

We do not sell your personal information.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and platform to:

• keep you signed in to your account;
• remember your preferences;
• understand and analyse usage;
• support marketing and advertising activity (including via Google Analytics).

You can control cookies through your browser settings. Disabling cookies may affect the functionality of our website and platform.

Where required by applicable law (including for EU/UK visitors), we will request your consent to non-essential cookies through a cookie banner or similar mechanism. A more detailed Cookies Notice may be published separately from this Policy.

8. Disclosure of Personal Information

8.1 Service providers and sub-processors

We disclose personal information to trusted third-party service providers who help us operate our business and deliver the Services, including:

• cloud hosting and infrastructure providers;
• analytics and product telemetry providers;
• email, SMS, and other communications providers;
• payment processors and billing providers;
• customer support and CRM platforms;
• security, fraud prevention, and monitoring providers;
• error logging and debugging tools;
• professional advisers (such as lawyers, accountants, and auditors);
• debt collection agencies (where applicable).

These providers are only permitted to use personal information to perform services for us, in accordance with our instructions and contractual confidentiality and security obligations.

A current list of material sub-processors (those handling Customer Data within the platform) is available on request from privacy@hamletco.space or, where published, at hamletco.space/sub-processors.

Current third-party providers we engage include:

• Google Cloud — cloud infrastructure: https://cloud.google.com/terms/cloud-privacy-notice
• Google Analytics — website analytics: https://policies.google.com/privacy
• Payrix — payment processing: https://www.payrix.com/privacy-policy
• SendGrid (Twilio) — transactional email: https://www.twilio.com/legal/privacy
• Slack — team communications: https://slack.com/trust/privacy/privacy-policy
• Xero — accounting: https://www.xero.com/au/legal/privacy/

This list is not exhaustive and may be updated from time to time.

8.2 Other disclosures

We may also disclose personal information to:

• our related entities and affiliates;
• our employees, contractors, and authorised representatives;
• existing or potential business partners and acquirers;
• credit reporting bodies and debt collectors, where you fail to pay amounts owed;
• courts, tribunals, regulatory authorities, and law enforcement, as required by law or in connection with legal proceedings;
• any other party with your consent.

9. Cross-Border Disclosure (APP 8)

Some of our service providers and sub-processors are located, or process personal information, outside Australia. Locations may include the United States, the European Union, the United Kingdom, Singapore, and other countries in the Asia-Pacific region.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the Australian Privacy Principles in relation to that information, including by entering into appropriate contractual arrangements.

By providing personal information to us, you acknowledge that personal information may be transferred to, stored in, or processed in jurisdictions outside Australia, including those listed above.

10. Security of Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures include:

• encryption of data in transit and at rest where appropriate;
• access controls, including role-based access and multi-factor authentication;
• network and infrastructure security;
• staff training and confidentiality obligations;
• regular review of security practices and providers;
• vendor due diligence.

A summary of our security practices is available via our Security & Data Practices page or on request.

No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials secure and notifying us promptly of any suspected compromise.

11. Notifiable Data Breaches

We comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth).

If we become aware of an eligible data breach that is likely to result in serious harm to any affected individuals, we will:

• assess the breach without unreasonable delay;
• notify the Office of the Australian Information Commissioner (OAIC) as required by law;
• notify affected individuals (or, where direct notification is not practicable, publish a statement) as required by law;
• where relevant, cooperate with our customers in their own breach assessment and notification obligations.

If you believe a data breach involving your personal information has occurred, please contact us immediately at privacy@hamletco.space.

12. AI and Automated Decision-Making

The Hamlet platform may include AI-assisted features (such as recommendations, summarisation, automated communications, and workflow automation). Where these features process personal information, we apply the following principles:

• AI features are designed to assist, not replace, human judgement. Material decisions affecting individuals (for example, decisions about membership, billing disputes, or access) should be reviewed and approved by a person.
• We do not use personal information collected through the platform to train general-purpose AI models without your customer’s consent. Where we use data for product improvement, we use aggregated and irreversibly de-identified data, in accordance with our Services Agreement.
• Some AI features rely on third-party AI providers. Personal information sent to those providers is subject to appropriate contractual protections.
• Where we use AI features in the context of our own business (for example, to assist with sales or support), we follow the same principle: AI assists, but humans decide.

If a decision that significantly affects you appears to have been made or substantially supported by automated processing, you can contact us to request human review.

13. How Long We Keep Personal Information

We keep personal information only for as long as we need it for the purposes set out in this Policy, or as required by law.

General retention principles:

• Account information — retained for the duration of the account, plus a reasonable period afterwards for record-keeping, dispute resolution, and legal compliance (typically up to 7 years).
• Customer Data processed on behalf of customers — handled in accordance with the Services Agreement (clause 6.6), including a 30-day export window following termination.
• Marketing data — retained until you unsubscribe or otherwise opt out, plus a short period for suppression list management.
• Website analytics data — retained for the period configured in our analytics providers (typically 14 to 26 months for Google Analytics).
• Financial and tax records — retained for at least 7 years to meet legal obligations.
• Support and security logs — retained for a reasonable period for diagnostic, audit, and security purposes.

When we no longer need personal information for any lawful purpose, we will delete it or irreversibly de-identify it.

14. Your Rights and Controlling Your Personal Information

To exercise any of these rights, contact us at privacy@hamletco.space. We may need to verify your identity before responding. We will respond within a reasonable period (and within any timeframes required by law).

15. Children’s Data

Our services are intended for use by businesses and adults. We do not knowingly collect personal information directly from children under 16 years of age.

Where children may be present in environments managed by our customers (for example, family-friendly venues using guest management features), the customer is responsible for ensuring appropriate consents and compliance with applicable laws governing children’s information.

If you believe a child has provided us with personal information directly, please contact us at privacy@hamletco.space and we will take reasonable steps to delete it.

16. Additional Rights for EU and UK Residents

Where the EU or UK GDPR applies to our handling of your personal data, you have additional rights, including:

• the right to erasure (in certain circumstances);
• the right to restrict processing;
• the right to data portability;
• the right to object to processing, including for direct marketing;
• the right not to be subject to solely automated decisions that produce significant effects on you, except in certain limited cases;
• the right to lodge a complaint with your local data protection authority.

For these purposes:

• where we determine the purposes and means of processing your personal data, our lawful bases for processing are: performance of a contract, our legitimate interests (such as operating and improving our services), compliance with legal obligations, or your consent (which you can withdraw at any time);
• where we process personal data on behalf of a customer, that customer is the data controller and you should contact them first.

To exercise these rights, contact us at privacy@hamletco.space.

17. Personal Information Processed on Behalf of Our Customers

When our customers (businesses operating workspaces, coworking spaces, and similar) use the Hamlet platform, they upload and process personal information about their own members, guests, employees, contractors, and end users.

In those cases:

• Our customer is the APP entity (or controller) responsible for that personal information.
• Hamlet acts as a service provider (or processor), processing the information on the customer’s behalf in accordance with our Services Agreement and (where applicable) a Data Processing Addendum.
• If you are a member, guest, or end user of a Hamlet customer and want to access, correct, or delete your personal information, please contact that customer directly in the first instance.
• We will assist our customers in responding to such requests as required under our Services Agreement and applicable law.
• We do not use personal information processed on behalf of our customers for our own marketing or commercial purposes.

If you are unable to resolve a privacy matter with a Hamlet customer, you can still contact us at privacy@hamletco.space and we will assist where appropriate.

18. Complaints

If you believe we have breached the Australian Privacy Principles or otherwise mishandled your personal information, please contact us at privacy@hamletco.space with full details. We will:

• acknowledge receipt within a reasonable period;
• investigate the complaint;
• respond in writing setting out the outcome of our investigation and any steps we will take.

If you are dissatisfied with our response, you may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992

EU/UK residents may also lodge a complaint with their local data protection authority.

19. Business Transfers

If Hamlet (or substantially all of its assets) is acquired, merged, restructured, or sold, personal information may be transferred to the acquiring party as part of that transaction. Any such transfer will be subject to this Policy or a substantively similar privacy policy, and we will notify you where required by law.

20. Limits of this Policy

Our website and platform may include links to third-party websites and services that we do not operate. We are not responsible for the privacy practices of those third parties. We recommend you review their privacy policies before providing personal information.

21. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations.

If we make material changes, we will:

• update the “Last Updated” date at the top of this Policy;
• where appropriate (and required by law), notify registered users by email or through the platform;
• where required, seek your consent to new uses of personal information.

We encourage you to review this Policy periodically.

22. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our handling of personal information, please contact:

Vicinia Pty Ltd trading as Hamlet ABN 70 653 966 637 Australia

Privacy contact: privacy@hamletco.space General contact: hello@hamletco.space Website: https://hamletco.space

Plain-English Summary (Non-Binding)

This summary is for convenience only and does not replace the full Policy above. If anything conflicts, the Policy prevails.

• We’re Vicinia Pty Ltd, trading as Hamlet — an Australian B2B SaaS company.
• We handle personal information in two ways: information we collect directly about you (e.g., as a prospect or website visitor), and information our customers process about their members and guests through our platform.
• We use personal information to run our business, operate and improve our platform, and communicate with you. We don’t sell it.
• Some of our service providers are based overseas (US, EU, UK, Singapore, Asia-Pacific). We use contracts and reasonable steps to protect your information.
• We use cookies and analytics. You can manage cookies in your browser.
• We follow the Australian Notifiable Data Breaches scheme and will tell you if there’s a serious breach affecting you.
• AI features assist, but humans should make the important decisions. We don’t train general-purpose AI models on customer data.
• You have rights — to access, correct, opt out of marketing, complain. EU/UK residents have extra rights under GDPR.
• If you’re a member or guest of a Hamlet customer, contact that customer first about your data — they’re in charge of it.

Questions? Email privacy@hamletco.space.