Privacy Policy

Zen Royalty Free is owned and operated by Zen Royalty Free Pty Ltd (ABN 24 653 838 834) (referred to as ZRF, we, our, us). This Privacy Policy relates to how we collect and handle your personal information and applies to your use of our website located at and any associated mobile and desktop applications (ZRF Website). It also applies to your use of our services, whether you are making an enquiry or engaging us to provide services on the ZRF Website (the Services).

We are committed to protecting the privacy of all of our customers and end users. The Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (Privacy Principles) set out in Schedule 1 of the Privacy Act, govern the collection, storage, use, and disclosure of information by which individuals may be identified. Further, to the extent applicable, we comply with EU General Data Protection Regulation 2016/679 (GDPR) and the California Consumer Privacy Act (CCPA).

We may update the Privacy Policy from time to time at our sole discretion. Any variations become effective on posting the updated privacy policy and we shall have no obligation to provide you with individual notice of such changes. Your continued use of the ZRF Website and the Services following the publication of any amended privacy policy shall signify your acceptance of that amended privacy policy, except where we are otherwise obliged by law to seek your direct consent.



This Privacy Policy covers all information collected via your use of the ZRF Website and the Services, as well as information supplied to us in person, by phone, by writing (including email) or in any other way. 

Personal Information means information that can be used to personally identify you such as your name, residential address, email address, contact number and payment details. We do not collect or process the Personal Information of anyone under the age of 18 without the express consent of their parent or guardian and otherwise in accordance with our Terms of Use.

Usage Information means anonymous aggregate data that is automatically collected through your use of our ZRF Website or Services. This includes information that identifies your device, your operating system, your IP address and dates and times that you access and use the ZRF Website. This information is used for statistical analysis to help us to improve the Services to the benefit of all users.

The GDPR recognizes that Usage Information, whilst for the most part anonymous, can be cumulatively used to identify you directly or indirectly. Usage Information that can be used to identify you in any way, together with your Personal Information, shall collectively be referred to in this Privacy Policy as “Personal Data”.


Personal Information is collected directly from you when you:

  • Make an account for our Services. If you choose to create an account on the ZRF Website in order to access our Services, we require you to provide your full legal name, location, email address and credit card details (for the purpose of charging you the agreed fees for the Services in accordance with our Terms of Use and Gold, Silver or Platinum Licence Agreements). We need this information to create your account to allow you to access the Services, pay for the Services, and so that we can correspond with you about delivery of the Services. If you do not provide these details, we cannot provide the Services;

  • Contact us via our website, email, telephone or otherwise;

  • Access, browse, use, follow, like, comment, or otherwise interact with our ZRF Website;

  • Sign up to our mailing list to receive emails, newsletters, or other direct marketing communications about our products and services as offered to you from time to time. You will be required to provide your full name and a valid email in order to sign up to such mailing lists. 

It is your choice to provide Personal Information to us. Wherever it is lawful and practicable, you have the option not to identify yourself when interacting with us. Please be aware that it may be necessary for us to collect your Personal Information to enable us to provide the Services to you. As such, if you do not wish to provide your Personal Information, we may not be able to provide the Services to you in a fully operational form or at all.


We may collect anonymous Usage Information on our ZRF Website through Google Analytics, Facebook Ad Analytics or any other user/data analytics sites or programs from time to time, which utilises cookies, pixel tags and other tracking technologies (collectively, Cookies). Cookies are small packets of data that are downloaded onto your device when you access a website. Cookies hold specific information that helps a website ‘remember’ your actions and preferences over time. These are the types of Cookies that we may use to operate our Services:

  • Strictly Necessary Cookies: these Cookies are essential to make sure the ZRF Website works correctly, and to record information that allows you to move around the ZRF Website and navigate its features.

  • Performance Cookies: these Cookies collect information about how you use the ZRF Website, such as how often you access the ZRF Website and if you encounter any errors.

  • Functionality Cookies: these Cookies allow our ZRF Website to remember the choices you make to provide a more personalised experience.

  • Targeting or Advertising Cookies: these Cookies deliver targeted advertising to you based on your interests and use of the ZRF Website.

Cookies can stay on your device temporarily (Session Cookies) or until you manually delete them (Persistent Cookies).


Legitimate purposes that you agree we may use your Personal Data for include but are not limited to the following: 

  • to respond to requests or correspondence submitted by you;

  • to provide the Services;

  • to improve and develop the ZRF Website and the Services;

  • to inform you of Services which may be of interest to you;

  • to process your payment for any Services;

  • to improve the functioning of the ZRF Website and Services; and

  • to prevent, detect and investigate potential illegal activities, security breaches and fraud.

For the avoidance of doubt, we will only use your Personal Data for purposes that you would reasonably expect us to use your Personal Data for in connection with providing the Services to you, or where we are required by law to collect your Personal Data. We will not sell, rent, or licence your email address or any of your Personal Data.


You agree and consent that we may disclose your Personal Data to: 

  • employees, service provides and contractors of ZRF; and

  • authorities, including police and regulations if we are required to do so by law.

We may use de-identified wellbeing survey data, other survey data and data regarding use of our ZRF Website for purposes including research and analysis, case studies, marketing and improving and continuing to develop our Services.

For the avoidance of doubt, all employees, consultants, contractors, and agents of ours are bound by Australian privacy laws. 

You can withdraw your consent for us to share your Personal Data with third parties at any time by emailing us at, but please note that withdrawal of such consents may affect your ability to access and use the ZRF Website and/or the Services.


In accordance with the GDPR, we acknowledge the right of EU citizens to:

  • have their data erased that is no longer being used for a legitimate purpose;

  • request a copy of all Personal Data held about you by us in a readable format; and

  • request restricted processing of your Personal Data whilst any complaints or concerns are being resolved.

To erase, request a copy of, or restrict processing of your Personal Data, please email us at

Upon your written request we will provide you with a copy of your Personal Data that we hold unless: 

  • we reasonably believe that giving access would pose a serious threat to the life, health, or safety of any individual, or to public health or public safety; 

  • giving access would have an unreasonable impact on the privacy of other individuals; 

  • your request for access is frivolous or vexatious; 

  • the information relates to existing or anticipated legal proceedings between us and you, and would not be accessible by the process of discovery in those proceedings; 

  • giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations; 

  • giving access would be unlawful; 

  • denying access is required or authorised by or under an Australian law or a court/tribunal order; 

  • we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and giving you access would be likely to prejudice the taking of appropriate action in relation to those matters; 

  • giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

  • giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.


We cannot modify your Personal Information without your instruction. You can update your details with us at any time by emailing us at You acknowledge that it is your responsibility to maintain the truth, accuracy, and completeness of your information at all times and your failure to do so may inhibit our ability to provide the Services. We shall have no liability to you or any third party arising from your failure to keep your information up to date.


For the purposes of this Privacy Policy, “Direct Marketing” is the promotion of goods and services directly to you including through emails, phone calls, SMS, push notifications and/or the post.

How we use your Personal Data for Direct Marketing is tightly controlled by the Privacy Act. We will follow those laws to ensure you only receive Direct Marketing in circumstances where you are expecting to. Under the Privacy Act we may use your Personal Data for the purposes of Direct Marketing if: 

  • we collected the information directly from you; and

  • you would reasonably expect us to use or disclose your Personal Data for the purpose of Direct Marketing.

As set out above, we may use your Personal Data to provide you with information regarding our Services and your Usage Information to provide you with customised recommendations regarding use of our ZRF Website (either by email, SMS, or through the ZRF Website). 

Unless it would be impracticable or unreasonable, we need your consent when:

  • collecting your Personal Data from a third party for the purpose of Direct Marketing; or

  • you would not reasonably expect to receive the Direct Marketing.

If at any time you want to know who provided us with your Personal Data, then please send a request to us at We will provide the details of that third party within a reasonable time and without charge.

We recognise your right under the Spam Act 2003 (Cth) and the GDPR to opt out from Direct Marketing, and as such these consents can be modified at any time by emailing us at or clicking unsubscribe on any Direct Marketing communications. We will always provide a simple means for you to “opt-out” from receiving Direct Marketing, which typically involves an “opt-out” or “unsubscribe” link on emails, a check box on the collection notice or through a pop-up on your screen when you provide personal information on our ZRF Website.

We will not use or disclose your Personal Data for the purposes of Direct Marketing material if you have previously told us not to. 

If at any time in the future you do not want us (or one of our service providers) to send you Direct Marketing material or you wish to cancel a previous consent, please inform us by contacting us at We will affect the change in a reasonable time and without charge.


We protect your Personal Data through technical security measures i.e. firewalls, encryption that limit the risk of loss, disclosure, or unauthorised access. No security measures are, however, 100% secure so we cannot guarantee the security of your information or data at any time. To the extent permitted by law, we accept no liability for any breach of security, or direct hacking of our security measures, or any unintentional disclosure, loss or misuse of any information or data or for the actions of any third parties that may obtain any information or data.

Notwithstanding the above, we acknowledge our obligation to report any data breach that is likely to risk the rights and freedoms of natural persons to the Australian Information Commissioner and, where our data breach involves the information of EU citizens, report to the European Data Protection Supervisor. We will also inform you, where possible, if your data has been breached in circumstances where it poses a risk of serious harm or your rights and freedoms.

We also train all staff or contractors who may have access to your Personal Data about this Privacy Policy and our obligations under the Privacy Act, Privacy Principles and GDPR. For more information on our internal policies, email us at


Please note that this Privacy Policy does not cover the information practices of third party websites which may be linked to our ZRF Website. Notwithstanding our encouragement for third parties to adopt similar privacy policies as ours, we are not responsible for their collection and use of your Personal Data. Please refer to the privacy policies and statements of the relevant third party website to obtain information regarding their information collection, use and disclosure policies.


We may, in the course of providing the Services to you, transfer your Personal Data to overseas countries that are deemed by the EU Commission as having an ‘adequate’ level of Personal Data protection. Where we transfer data to a third party in a country where no adequacy decision has been made, we warrant that any person or entity handling your data in those countries are bound under contract to meet the requirements of the Privacy Act, Privacy Principles and GDPR. 

For the avoidance of doubt, we may transfer any data to an overseas third party with your express or implied consent, and the above condition only applies in the case of a data transfer or transmission to our related business entities in other countries.


Thank you for taking the time to read our Privacy Policy. If you have any questions regarding our Privacy Policy, you can reach our privacy officer at 

If you are not satisfied with our handling of your Personal Data, or have any other concern over our Privacy Policy, then you may lodge a formal complaint with the Office of the Australian Information Commissioner (for more information, please see or with the European Data Protection Supervisor (for more information, please see

Last Revise: 31st August 2021