Pintech Pty Ltd ACN 618 935 265, and its related body corporates (as that term is defined in the Corporations Act 2001 (Cth)) (“We” or “Us” or “Our”, as appropriate) respect your privacy and comply with the Privacy Act 1998 (Cth) (the “Act”), which requires Us to provide this Privacy Policy to Our clients and others about whom We hold personal information, on request (“You,” “Your”, as appropriate). This document sets out Our policies for management of personal information. This policy may be superseded at any time in the future.
PART 1—CONSIDERATION OF PERSONAL INFORMATION PRIVACY
Australian Privacy Principle 1 — Open and Transparent Management of Personal Information
1.1 We manage personal information, i.e. “information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion”, which is a very wide definition, in an open and transparent way.
Compliance with the Australian Privacy Principles etc.
1.2 We take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to Our functions and activities that:
(a) ensure that We comply with the Australian Privacy Principles and any APP Code that may apply to Us; and
(b) enable Us to deal with inquiries or complaints from individuals about Our compliance with the Australian Privacy Principles or any such code.
APP Privacy policy
1.3 We have a clearly expressed and up to date policy (the “APP privacy policy”) about the management of personal information by Us, namely this document.
Types of information we collect
1.4 The type of personal information that We may collect and hold, include:
(a) identifying information, such as Your name and date of birth;
(b) contact information, such as Your address, email address and telephone/mobile number;
(c) financial information, such as bank account or other payment details;
(d) for our employees, employee records that may contain personal information including safety information (e.g. location information, emergency contacts) and travel and right to work information (e.g. copies of passports, visas and drivers licences);
(e) for employees, personal information captured in our records when using payroll and HR systems and devices for personal use (e.g. transaction history);
(f) usernames that You create when registering for an account with us;
(g) Your organisation and position, where Your organisation has business dealings with us;
(h) information about Your occupation and employer organisation;
(i) details of any products or services we provide to Your organisation;
(j) information about how You use the products or services we provide to You;
(k) records of our communications with You, such as telephone, email, SMS, online and in-person communications.
Existing clients using Plutosoft software
1.5 If we provide You with access to an environment where You
can store and process personal information about Your
clients, employees and/or others, such personal information
is not accessed, disclosed, or modified by us (except to the
extent Our permitted employees are required to access client environments for system configuration, maintenance, support and/or account administration purposes or as otherwise required by law).
1.6 Access to the data or information contained within any of these environments is controlled directly by You. It is Your responsibility to obtain consent from Your clients and other individuals before their personal information is collected, stored, used, processed, modified, or disclosed by You using any of Our environments.
How we collect information
1.7 We may collect and hold personal information, about You in the following ways:
(a) when You order products or services from us;
(b) when You use our online services), and other products and services (including our website);
(c) when You log a support request;
(d) when we visit Your sites or offices;
(e) when You respond to a survey that we run or fill in forms on our website;
(f) by tracking Your use of our products and services (including our website);
(g) from third parties who are entitled to disclose that information to us;
(h) from publicly available sources;
(i) from online sources (including social media platforms and providers (e.g. LinkedIn);
(j) suppliers of information products and services (e.g. companies that consolidate data from multiple public sources);
(k) when You apply for a job with us; or
(l) other lawful means.
1.8 We collect, hold, use, and disclose personal information for
the following purposes:
(a) identifying and corresponding with Our clients, prospective clients and other organisations or individuals generally to enable Us to conduct Our business, provide and market Our services, and to meet Our legal and other obligations in respect to the provision of services;
(b) matters implicit in Our management including, but not limited to, service monitoring, training, planning, evaluation and accreditation activities and compliance with quality assurance audits;
(c) marketing various other products and services;
(d) any more specific purpose given at the time of the collection; and
(e) generally anything necessary and expedient to achieve the above.
Contact
1.9 You may access personal information that we hold about You including, if relevant, seeking correction of such information, by contacting Us at:
Pintech Pty Ltd
52 Oswald Street, Innaloo, WA 6026
Tel: 1800 574 040
E-Mail: salesdesk@plutosoft.com.au
Web: www.plutosoft.com.au
Attention: Privacy Officer
1.10 We deal with complaints about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds Us in the following manner:
(a) an individual may make a complaint by contacting Us via the contact details provided above.
(b) We deal with complaints by investigating the complaint and taking the appropriate action.
1.11 We do not disclose personal information to overseas recipients, except to the extent that the information is stored on secure servers abroad (see below).
Availability of APP privacy policy etc.
1.12 We take such steps as are reasonable in the circumstances to make Our APP privacy policy available:
(a) free of charge; and
(b) in such form as is appropriate.
1.13 If a person or body requests a copy of Our APP privacy policy in a particular form, We take such steps as are reasonable in the circumstances to give the person or body a copy in that form.
Australian Privacy Principle 2 — Anonymity and Pseudonymity
2.1 Individuals do not have the option of not identifying themselves, or of using a pseudonym, when dealing with Us in relation to a particular matter, except to the extent that they trade under a business name.
PART 2—COLLECTION OF PERSONAL INFORMATION
Australian Privacy Principle 3 — Collection of Solicited Personal Information
Personal Information other than Sensitive Information
3.1 We do not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of Our services, functions, or activities.
Sensitive Information
3.2 We do not generally collect or disclose sensitive personal information about an individual (eg information or an opinion about an individual’s: racial or ethnic origin; or political opinions; or religious beliefs or affiliations etc) unless authorised by law.
Solicited Personal Information
3.3 This principle applies to the collection of personal information that is solicited by Us.
Australian Privacy Principle 4 — Dealing with Unsolicited
Personal Information
(a) We receive personal information; and
(b) We did not solicit the information,
… We will, within a reasonable period after receiving the information, decide whether or not We could have collected the personal information under Australian Privacy Principle 3.
4.2 We may use or disclose the personal information for the purposes of making the decision under subclause 4.1.
(a) We decide that We could not have collected the personal information; and
(b) the personal information is not contained in a
Commonwealth record,
… We will, as soon as practicable, but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.
4.4 If subclause 4.3 does not apply in relation to the personal information, Australian Privacy Principles 5 to 13 apply in relation to the information as if We had collected the information under Australian Privacy Principle 3.
Australian Privacy Principle 5 — Notification of the Collection of Personal Information
5.1 This policy, other legal notices published on our website and our internal practices and procedures are Our way to ensure that individuals know about the personal information We collect.
5.2 We are committed to making all reasonable efforts to inform individuals about the personal information We collect before We collect it, for example by making this Policy and Our other legal notices publicly available. We will also inform individuals about collection at the time We collect personal information, for example through website activity (Our Website Terms and Conditions of Use) and other forms of communication such as email.
PART 3—DEALING WITH PERSONAL INFORMATION
Australian Privacy Principle 6 — Use or Disclosure of Personal Information
Use or Disclosure
6.1 If We hold personal information about an individual that was collected for a particular purpose (the primary purpose), We do not use or disclose the information for another purpose (the secondary purpose) except in circumstances permitted by the APP.
Related Bodies Corporate
6.2 If We collect personal information from a related body corporate, this principle applies as if Our primary purpose for the collection of the information were the primary purpose for which the related body corporate collected the information.
Exceptions
6.3 This principle does not apply to the use or disclosure by Us of:
(a) personal information for the purpose of direct marketing; or
(b) government related identifiers.
Australian Privacy Principle 7 — Direct Marketing
Direct Marketing
7.1 We may use and disclose Your personal information for marketing purposes (but we will not sell Your personal information to any third party). We may contact You about our products and services (including our website), the products and services of other people, or related special offers from our business partners, that we think may be of interest to You. This information may be sent to You by email, SMS or by other means.
7.2 We provide a simple means by which the individual may easily request not to receive direct marketing communications from Us and opt-out.
Australian Privacy Principle 8 — Cross-Border Disclosure of Personal Information
Location of data centres
8.1 Data entered or uploaded into Your Plutosoft environment is hosted on an Oracle data centre located in the Commonwealth of Australia.
8.2 We use certain third-party software applications for the purpose of running our business including e-mail, marketing, payroll, service desk and accounting systems which are hosted outside the Commonwealth of Australia, including HubSpot, Jira and Xero.
8.3 We take such steps as are reasonable in the circumstances to ensure that the overseas recipient stores the data appropriately.
Australian Privacy Principle 9 — Adoption, Use or Disclosure of Government Related Identifiers
Adoption of Government Related Identifiers
9.1 We do not adopt a government related identifier of an individual as its own identifier of the individual unless:
(a) the adoption of the government related identifier is required or authorised by or under an Australian law or a court/tribunal order; or
(b) subclause 9.2 applies in relation to the adoption.
Use or Disclosure of Government Related Identifiers
9.2 We do not use or disclose a government related identifier of an individual unless:
(a) the use or disclosure of the identifier is reasonably necessary for Us to verify the identity of the individual for the purposes of Our activities or functions; or
(b) the use or disclosure of the identifier is reasonably necessary for Us to fulfil Our obligations to an agency or a State or Territory authority; or
(c) the use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order; or
(d) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1)) exists in relation to the use or
disclosure of the identifier; or
(e) We reasonably believe that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
(f) subclause 9.3 applies in relation to the use or disclosure.
Note 1: An act or practice of an agency may be treated as Our act or practice, see section 7A.
Note 2: For permitted general situation, see section 16A. Regulations about Adoption, Use or Disclosure
9.3 This subclause applies in relation to the adoption, use, or disclosure by Us of a government related identifier of an individual if:
(a) the identifier is prescribed by the regulations;
(b) We are prescribed by the regulations, or are included in a class of organisations prescribed by the regulations; and
(c) the adoption, use, or disclosure occurs in the circumstances prescribed by the regulations.
PART 4—INTEGRITY OF PERSONAL INFORMATION
Australian Privacy Principle 10 — Quality of Personal Information
10.1 We take such steps as are reasonable in the circumstances to ensure that the personal information that We collect is accurate, up to date, and complete.
10.2 We take such steps as are reasonable in the circumstances to ensure that the personal information that We use or disclose is, having regard to the purpose of the use or disclosure, accurate, up to date, complete, and relevant.
Australian Privacy Principle 11 — Security of Personal
Information
11.1 If We hold personal information, We take such steps as are reasonable in the circumstances to protect the information:
(a) from misuse, interference, and loss; and
(b) from unauthorised access, modification, or disclosure.
11.2 If:
(a) We hold personal information about an individual;
(b) We no longer need the information for any purpose for which the information may be used or disclosed by Us under this Schedule;
(c) the information is not contained in a Commonwealth record; and
(d) We are not required by or under an Australian law, or a court/tribunal order, to retain the information, We take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
PART 5—ACCESS TO, AND CORRECTION OF, PERSONAL INFORMATION
Australian Privacy Principle 12 — Access to Personal Information
Access
12.1 If We hold personal information about an individual, We will, on request by the individual, give the individual access to the information.
Exception to Access — Agency
12.2 We are not an agency and accordingly clause 12.2 is not applicable to Us.
Exception to Access — Organisation
12.3 Despite subclause 12.1, We are not required to give the individual access to the personal information to the extent that:
(a) We reasonably believe that giving access would pose a serious threat to the life, health, or safety of any individual, or to public health or public safety; or
(b) giving access would have an unreasonable impact on the privacy of other individuals; or
(c) the request for access is frivolous or vexatious; or
(d) the information relates to existing or anticipated legal proceedings between Us and the individual, and would not be accessible by the process of discovery in those proceedings; or
(e) giving access would reveal Our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
(f) giving access would be unlawful; or
(g) denying access is required or authorised by or under an Australian law or a court/tribunal order; or
(h) both of the following apply:
(i) We have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to Our functions or activities, has been, is being, or may be engaged in; and
(ii) giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
(i) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
(j) giving access would reveal evaluative information generated by Us in connection with a commercially sensitive decision-making process.
Dealing with Requests for Access
12.4 We will:
(a) respond to the request for access to the personal information within a reasonable period after the request is made; and
(b) give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.
Other Means of Access
12.5 If We refuse:
(a) to give access to the personal information because of subclause 12.2 or 12.3; or
(b) to give access in the manner requested by the individual, We will take such steps as are reasonable in the circumstances to give access in a way that meets Our needs and those of the individual.
12.6 Without limiting subclause 12.5, access may be given through the use of a mutually agreed intermediary.
Access Charges
12.7 We are not an agency and accordingly clause 12.7 is not applicable to Us.
12.8 If We charge the individual for giving access to the personal information, the charge will not be excessive and will not apply to the making of the request.
Refusal to Give Access
12.9 If We refuse to give access to the personal information because of subclause 12.2 or 12.3, or to give access in the manner requested by the individual, We will give the individual a written notice that sets out:
(a) the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so;
(b) the mechanisms available to complain about the refusal; and
(c) any other matter prescribed by the regulations.
12.10 We refuse to give access to the personal information because of paragraph 12.3(j), the reasons for the refusal may include an explanation for the commercially sensitive decision.
Australian Privacy Principle 13 — Correction of Personal
Information
(a) We hold personal information about an individual; and
(b) either:
(i) We are satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out of date, incomplete, irrelevant, or misleading; or
(ii) the individual requests Us to correct the information, We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant, and not misleading.
Notification of Correction to Third Parties
13.2 If:
(a) We correct personal information about an individual that We previously disclosed to another APP entity; and
(b) the individual requests Us to notify the other APP entity of the correction, We will take such steps as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
Refusal to Correct Information
13.3 If We refuse to correct the personal information as requested by the individual, We will give the individual a written notice that sets out:
(a) the reasons for the refusal except to the extent that it would be unreasonable to do so;
(b) the mechanisms available to complain about the refusal; and
(c) any other matter prescribed by the regulations.
Request to Associate a Statement
13.4 If:
(a) We refuse to correct the personal information as requested by the individual; and
(b) the individual requests Us to associate with the information a statement that the information is inaccurate, out of date, incomplete, irrelevant, or misleading, We will take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.
Dealing with Requests
13.5 If a request is made under subclause 13.1 or 13.4, We:
(a) will respond to the request within a reasonable period after the request is made; and
(b) will not charge the individual for the making of the request, for correcting the personal information, or for associating the statement with the personal information (as the case may be).
See www.privacy.gov.au for more information on Privacy Issues
Release June 2022