Legal

Privacy Policy

Entity: Animalis aRK Foundation (ACNC registration pending) - operated by Haycar Global Pty Ltd as trustee
Website: animalisark.org
Effective Date: 2 May 2026
Last Updated: 2 May 2026
Contact: [email protected]

About This Policy and the Foundation
Data We Collect
Animal Health Telemetry and Biodiversity Data
How We Use Your Data
Legal Basis for Processing
Third-Party Processors
On-Chain Data and DID / NFT Data
Data Retention
International Data Transfers
Member and Donor Data
Your Rights
Children's Privacy
Cookies and Analytics
Data Breaches
Contact and Complaints

1. About This Policy and the Foundation

This Privacy Policy governs the collection, use, storage, and disclosure of personal information by the Animalis aRK Foundation ("Foundation", "we", "us", "our"), an Australian environmental non-governmental organisation with ACNC registration pending (DGR Items 1, 9.1.1, 12.1.1). The Foundation is currently operated by Haycar Global Pty Ltd as trustee, pending formal ACNC registration.

This policy applies to the animalisark.org website, foundation membership services, NGO onboarding program, grant management system, volunteer platform, and all Foundation programs and activities.

We are committed to compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We also apply the ACNC Governance Standards regarding data management for charities. For individuals in the European Economic Area or United Kingdom, we comply with the General Data Protection Regulation (GDPR) and UK GDPR as applicable.

As a charity, we treat your personal information with care and do not use it for purposes unrelated to our conservation mission.

2. Data We Collect

2.1 Members and Volunteers

Full name, email address, phone number, postal address
Professional background, skills, and expertise (for volunteer matching)
Membership tier and payment history
Conservation area of interest and geographic region
Communications preferences

2.2 Partner NGO Data

For NGOs onboarding to the Animalis aRK network, we collect:

Organisation name, ABN/ACN, registered address
Director and key contact names and contact details
Conservation area of operation and geographic coverage
Technology and equipment inventory
Financial information required for MOU and grant reporting purposes

2.3 Donor Data

Donor name, email, and payment receipt information
Donation amount and designated program (if specified)
Tax receipt information where donations are DGR-eligible

2.4 Grant and Research Data

Researcher and institution identification and credentials
Research program details and conservation outcomes reported
Grant application data and milestone reporting

2.5 Technical and Usage Data

IP address, browser and device type, pages visited
Form submission data and enquiry content

3. Animal Health Telemetry and Biodiversity Data

The Foundation operates the Animalis aRK DePIN network, which collects environmental and biodiversity data from monitoring nodes deployed across Australia, Kenya, Peru, and Vanuatu. This data includes:

Species presence and population density data from sensor arrays
Environmental conditions (temperature, water quality, atmospheric readings)
Anonymised and aggregated animal health telemetry from Animalis-IC devices registered on the commercial platform (animalisark.io)
Wildlife camera observations (species only, no human faces stored without consent)
Marine and freshwater sensor readings from buoy and submersible node networks

Biodiversity monitoring data does not directly identify individuals. Where such data is linked to your registered account (e.g. you operate a DePIN node), it is subject to this Privacy Policy.

Conservation data use: Aggregated, anonymised biodiversity data is used for conservation reporting, research publications, and grant applications. Raw telemetry from individual nodes is not published without the node operator's consent.

For full details on Animalis-IC device health telemetry, including 7-year retention and on-chain identity, see the animalisark.io Privacy Policy.

4. How We Use Your Data

We use collected data exclusively for the Foundation's conservation mission and governance obligations:

Delivering foundation membership benefits and communications
Onboarding and supporting partner NGOs within the DePIN network
Processing donations and issuing DGR tax receipts
Administering grants and reporting conservation outcomes to funders
Coordinating volunteer programs across conservation sites
Publishing anonymised conservation research and biodiversity reports
Complying with ACNC, ATO, and Australian Privacy Act obligations
Communicating program updates, annual reports, and governance notices to members
Improving Foundation programs through outcome analysis

We do not sell member, donor, or partner data to third parties. We do not use personal data for commercial advertising purposes.

5. Legal Basis for Processing

Under the Australian Privacy Act 1988, we process personal information where it is reasonably necessary for our charitable functions and activities, and where individuals would reasonably expect us to do so in the context of their relationship with the Foundation.

For EEA/UK individuals under GDPR, our legal bases are:

Contract performance: delivering membership, volunteer, and partner services
Legitimate interests: conservation mission activities, fraud prevention, security
Legal obligation: ACNC reporting, ATO DGR obligations, financial record keeping
Consent: optional newsletter and event communications

6. Third-Party Processors

We engage the following categories of processors who may access data to deliver Foundation services:

Payment processors: For processing membership fees and donations. We do not store full card data.
Email service providers: For newsletters, member communications, and automated reporting
Cloud infrastructure: Server hosting and database services, primarily in Australia
ASI Alliance / SingularityNET: On-chain inference for biodiversity analytics. Only anonymised, aggregated data is shared
Cardano blockchain infrastructure: DID registration for Animalis-IC devices and AARK token operations. See Section 7 for on-chain data details
Research partners: University of Sunshine Coast, UPCH Lima, and other accredited research institutions receive anonymised data under data sharing agreements

All processors are bound by data processing agreements consistent with our privacy obligations.

7. On-Chain Data and DID / NFT Data

Important Notice Regarding Blockchain Data: Data recorded on the Cardano blockchain - including Animalis-IC device DIDs, AARK token transactions, and DAO governance votes - is immutable and permanent. Once recorded on-chain, this data cannot be deleted, modified, or erased.

The Foundation operates the Animalis DAO governance layer on Cardano Plutus V3. Governance votes and DAO proposals recorded on-chain are publicly visible and permanent. Director and member decisions recorded on-chain are subject to blockchain immutability.

We minimise the personal information written to the blockchain. Member identities are represented by pseudonymous DID identifiers. Wallet addresses used for AARK governance are pseudonymous but publicly traceable.

Before participating in on-chain governance, please understand that your votes and delegations are public and permanent. Contact [email protected] if you have concerns.

8. Data Retention

Animal health and veterinary records: 7 years from the date of last clinical event or device deactivation
Financial records (donations, membership fees, grants): 7 years from date of transaction, as required by ATO and ACNC
Member records: Duration of active membership plus 3 years after lapsing
Volunteer records: 3 years after last volunteer activity
Partner NGO records: Duration of MOU plus 5 years after expiry
Grant records: 7 years from grant conclusion (ACNC requirement)
Director and governance records: As required by ACNC Governance Standard 2 (7 years minimum)
Technical logs: 12 months for security and fraud prevention

After the applicable retention period, data is securely deleted or irreversibly anonymised. On-chain data is subject to blockchain immutability as described in Section 7.

9. International Data Transfers

The Foundation's global conservation network operates across Australia, Kenya (Nairobi hub - Evalyn Timothy), Peru (Lima/UPCH hub), and Vanuatu (Pacific hub - GIA Business Group). Data transfers to international partners comply with APP 8 through:

Data sharing agreements incorporating privacy protection clauses
Anonymisation and aggregation before international research data sharing
Standard contractual clauses where GDPR applies

DAO governance votes on Cardano are replicated globally across the Cardano node network. This is an inherent characteristic of public blockchain technology.

10. Member and Donor Data

Member and donor data is used exclusively for delivering membership benefits, processing donations, and ACNC/ATO compliance. We do not share individual donor or member information with third parties for commercial purposes.

Foundation members who are appointed as Directors consent to having their name and role published in ACNC register entries and annual reports as required by law.

For DGR-eligible donations, we retain donor name and donation amount for 7 years as required by the ATO. Tax receipts are issued electronically to the email provided at time of donation.

Members may opt out of non-essential communications (newsletters, event invitations) at any time by contacting [email protected] or using the unsubscribe link in any email.

11. Your Rights

Under the Australian Privacy Act 1988 and applicable GDPR, you have the following rights:

Access: Request a copy of personal information we hold about you
Correction: Request correction of inaccurate or incomplete data
Erasure (GDPR): Request deletion where processing is no longer necessary (subject to ACNC/ATO retention obligations and on-chain limitations)
Data portability (GDPR): Receive your data in a structured, machine-readable format
Objection: Object to processing based on legitimate interests
Withdrawal of consent: Withdraw consent for optional communications at any time

To exercise these rights, contact [email protected]. We will respond within 30 days.

12. Children's Privacy

While the Foundation's mission extends to all life, our digital services and membership programs are directed at adults and organisations. We do not knowingly collect personal information from children under 16 without verified parental consent. Junior volunteer programs require parental/guardian registration and consent. Contact [email protected] if you believe we hold data from a child without proper consent.

13. Cookies and Analytics

The animalisark.org website uses minimal cookies for functionality and anonymised analytics:

Strictly necessary: Session security and form functionality
Analytics: Anonymised visitor statistics to improve the site - no individual tracking, no advertising cookies

We do not use third-party advertising networks or tracking pixels on this Foundation website.

14. Data Breaches

In the event of an eligible data breach under the Notifiable Data Breaches Scheme:

We will assess the breach within 30 days of becoming aware
Notify affected individuals and the OAIC as required
Notify the ACNC as part of our governance obligations if the breach is material
Notify EEA/UK supervisory authorities within 72 hours where GDPR applies

15. Contact and Complaints

Privacy Officer - Animalis aRK Foundation
c/- Haycar Global Pty Ltd
Brisbane, Queensland, Australia
Email: [email protected]

If you are dissatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. Members may also raise governance concerns with the ACNC at acnc.gov.au once registration is confirmed.

EEA/UK individuals may lodge complaints with their local data protection authority.

This Privacy Policy may be updated to reflect changes in Foundation activities or applicable law. Material changes will be communicated to members via email.