Privacy Policy

Last updated: 16 August 2023

Who are we and what do we do?

Capital B Pty Ltd, trading as “Soda” (in this Privacy Policy, Soda) is committed to protecting the privacy of personal information.

This policy explains how Soda collects your personal information and how we use, share, store and retain your personal information. In this policy, personal information means any information relating to an identified or identifiable natural person.

Soda may update this policy from time to time by posting a revised version of the policy on our website.

Contact Soda

Soda is an Australian registered businesses. You can contact Soda:

By post at: Soda Legal, PO BOX 10769, Brisbane QLD 4001

By email at:

Contact Soda’s Data Protection Officer

Additionally, if you have an enquiry regarding privacy, or you wish to raise a complaint, you can contact Soda’s Data Protection Officer by email at

1. Our collection of personal information

Information collected directly from you

The personal information we collect directly from you will be apparent from the

context in which you provide the information.

In particular, we may collect your name, email address, phone number, communication records, company name, job title, employer and any other information you choose to provide directly to us:

  • as part of your business relationship with us;
  • in response to marketing or other communications;
  • through social media or online forums;
  • in connection with an actual or potential business relationship with us;
  • when you fill in an online form on our website or contact our team by phone or email; or
  • when you give us your business card or contact details in person, or if your information is provided in connection with Soda events, promotions or marketing activities.
Data from other sources

We may also collect personal information from other sources, such as representatives authorised to act on a customer’s or counterparty’s behalf, as well as from our employees,

agents, contractors, suppliers, credit reporting bodies and credit providers and public sources.

Team members within your organisation may provide us with your business contact information, such as your name, business email address, phone number, job title or role.

In some cases, we may also collect business contact information from public

sources or from third party service providers who licence your data to us. We use this data for direct marketing purposes based on our legitimate interests in marketing our services to your employer. You can exercise any of your rights described in this Policy, including the right to ask us to erase your business contact information or object to the processing, by contacting our Data Protection Officer at

Data created through use of our website

We use Google Analytics for aggregated, anonymized website traffic analysis. In order to track your session usage, Google drops a cookie with a randomly-generated anonymised ClientID in your browser. This information is important to us for improving the user experience and determining site effectiveness.

2. How we use personal data

We rely upon a number of legal grounds as outlined below to ensure that our use of your personal data is compliant with applicable law.

Contractual and pre-contractual business relationships

We use personal information for the purpose of entering into business relationships with prospective customers and suppliers, and to perform contractual obligations under contracts with customers and suppliers.

Activities that we may conduct in this context include:

  • customer management, accounting, auditing, billing and debt collection activities;
  • customer creditworthiness checks and vendor risk management such as anti money laundering or sanctions checks;
  • responding to customer or supplier inquiries;
  • product or market research, development or business planning;
  • provisioning customer services;
  • communications regarding the services we provide or receive, future business relationships and related customer service;
  • investigating complaints and carrying out dispute resolution; and
  • any other activity reasonably necessary in connection with administering Soda’s agreement with customers or suppliers.

Legitimate interests

Personal data may also be used in the context of various other legitimate business interests. When we process your data on the basis of legitimate business interests, we take measures and ensure safeguards are in place to protect your rights and interests.

Specifically, we process personal data:

  • to enable us to deliver and improve our services;
  • to detect, prevent and address technical issues in the interests of business continuity and ensuring services operate as intended;
  • for direct marketing (where you have expressed an interest in one or more of our services, completed an online form or otherwise indicated your interest in pursuing a business relationship), but only if we think you are able to reasonably expect at the time and in the context of collection of the data that processing for the purpose of direct marketing may take place. We do this in the interest of growing Soda’s business;
  • for the purpose of keeping our services safe and secure in the interests of prevention of fraud or misuse of our services and protection of Soda’s database or information systems; or
  • for the investigation and enforcement of legal claims, debt collection via out-of-court procedures and other dispute resolution procedures to enable us to ensure that Soda’s rights are protected and to seek remedies if necessary.
3. Disclosure of personal information to third parties

If you consent, we may process your data or share it with third parties for the purposes of marketing, advertising and related analytics.

Who Soda shares personal information with

Government, Law Enforcement and Regulatory Bodies

We may share personal information with government, law enforcement and regulatory bodies where this is required for Soda to comply with legal and regulatory obligations.

Service Providers

We may share your information with a limited number of third party service providers who we engage to perform tasks or provide capabilities on our behalf, such as other telecommunications and information service providers, our customer relationship management software providers, email service providers or other service providers.

We may also share your information with representatives and agents of Soda’s legal, accounting, human resources and financial advisers, or our affiliated companies.

Purchasers of the Soda business If any Soda company or substantially all of its assets are acquired by a third party, the personal information held by it about its customers will be one of the transferred assets.

Credit reference bureaus

We may share personal information with credit reference bureaus for the purpose of preparing credit reports or evaluation of creditworthiness.

Location of disclosure of personal information

The organisations that Soda shares personal data with are located throughout the world, but predominantly in the United States, United Kingdom, European Union, Singapore and Australia. If you are in the European Union, some of the countries to which data will be transferred in our use of service providers, such as the United States and Australia, may not necessarily have data protection laws as comprehensive or protective as those in your country of residence. Soda has adopted internal policies and implemented measures to ensure appropriate and suitable safeguards are in place in relation to such transfers. You can request more information at

4. Storage and retention of personal information

We may store personal information in both electronic and paper form. We take reasonable steps to ensure that systems for storage of such personal information are maintained securely.

We will retain your information for only as long as there is a business or legal need and take reasonable steps to destroy or de-identify personal information if it is no longer reasonably required.

5. Your rights and choices

Depending on your location and subject to applicable laws, you may have the following rights with regard to the personal information we control about you:

  • the right to request access to and rectification of personal information relating to you;
  • the right to request that we erase your personal information in certain circumstances provided by law;
  • the right to request that we restrict our use of your personal information in certain circumstances, such as while we consider another request that you have submitted;
  • where the processing of your personal information is based on your previously given consent, you have the right to withdraw your consent at any time; an
  • the right to object to the processing of your personal information for direct marketing purposes or on grounds relating to your particular situation.

You can exercise the above rights by contacting us at

Additionally, if our data collection or processing is based on your consent, you may at any time withdraw your consent with effect for the future by email to

You also have the right to lodge a complaint with your local supervisory authority, which will vary depending on your location.