WaivpayPrivacy Policy
WAIVPAY is committed to respecting the privacy of all employees, customers and vendors, and complying with all applicable privacy laws.
These are set out in:
- The Privacy Act 1988, which contains the Australian Privacy Principles (APPs) and in relevant privacy codes. See https://www.oaic.gov.au/privacy/australian-privacy-principles/read-the-australian-privacy-principles/
This Policy is intended to adopt the highest applicable privacy laws in Australia and outlines the circumstances surrounding the management of personal information in accordance with privacy laws.
Application of Policy
This Policy applies to all WAIVPAY dealings with individuals, including employees (past and present) and prospective employees. This Policy does not form part of any employee’s contract of employment.
Guiding Principles
WAIVPAY adopts a privacy by design approach and takes and ensure we take all reasonable steps to protect the personal information we collect or hold.
- We only collect personal information that is necessary for the function or activity of our customer facing products and platforms
- Ensure our procedures and systems are compliant with the APPs including complaints handling.
- Make available an up-to-date and clear privacy policy specific to each application.
- Take all reasonable steps to ensure that personal information collected is accurate, complete and up to date.
- Provide individuals access to or correct their personal information on request.
- Where possible de-identify personal information
- Delete unsolicited personal information as soon as is practical, if it is not necessary for the function or activity of our customer facing products and platforms
- We do not use any personal information other than the original purpose of its collection.
WAIVPAY has a privacy working group which consists of key business representatives and the CEO who meet quarterly or as needed to oversee and ensure all policies are up to date and clearly communicated across the company.
What is Personal Information?
Personal information is information or an opinion about an identified individual, or an individual who is identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not (i.e. digitally or hard copy).
Sensitive information is a special category of personal information includes information or an opinion about a person’s health, race or ethnic origin, political, religious or philosophical beliefs, membership of a trade union or association, criminal record, sex life, sexual orientation and genetic and ‘biometric’ information.
We also treat credit card or debit card information as sensitive and do not store any credit card or debit card details
We will only collect a person’s sensitive information where it is reasonably necessary for our business activities and with the person’s consent.
How does WAIVPAY Classify the data we process or store?
WAIVPAY classify data into four categories that determine the processing, handling, storage and use of the data and the associated protection controls and systems.
| Classification | Description |
|---|---|
| Sensitive | Data that is defined by under the APP and examples include:
|
| Personal | Information that can be used to identify a data subject, either directly or in combination with other data or information. Common examples are an individual’s name, signature, address, telephone number, date of birth, email address and commentary or opinion about a person. |
| Confidential | Business data, terms, performance, accounting commercials by either party that should not to expose to other entities. |
| Normal | General data that does not belong to any other categories. |
For what purposes do we use personal information?
WAIVPAY only uses personal information which is reasonably necessary for our dealings with the relevant individual in the course of our business.
In general, we use personal information for the following purposes:
- providing products or services that have been requested
- communicating with the individual in fulfillment of the product or service
- provide support for our product and services
- complying with regulatory and legal obligations; or
In addition to the above purposes, we may also use personal information where an individual has consented to one or more specific purposes, or as necessary for compliance with our legal obligations, or otherwise for a legitimate purpose that is not overridden by the individual’s fundamental rights and freedoms. This includes accessing the contact list within an individual’s mobile device to pre-fill recipient data as part of the digital purchase form. This data is not stored or used in any other way.
What kinds of personal information do we collect?
The kinds of personal information that WAIVPAY collect will depend upon the specific product or service the relevant individual may have with us. We may collect information about:
- purchasers or potential purchasers of our products
- suppliers (for example, when establishing records and systems to enable payment for goods or services);
- job applicants (for the purposes of employment)
- employees or contractor records
The kinds of personal information may include, but are not limited to:
- information that identifies purchasers such as name, address, delivery details, email address and any other information required to enable fulfillment of the product or service
- information about a person that is required or authorised by law
How does we collect personal information?
We primarily collect information directly from individuals. However, in some cases, we may receive that information from other sources, such as a third party who discloses the information to us in connection with providing a product or service requested by the individual.
If we collect personal information directly from an individual, we will notify the individual, at the time of collection, of the following information:
- Our identity and the contact details of our representative who handles privacy related enquiries and requests.
- the facts and circumstances of the collection;
- the purposes of collection;
- the length of time we will keep the information;
- the consequences if personal information is not collected;
- how and to whom else we may disclose that personal information;
- information about our Privacy Policy, including an individual’s right to access and seek correction of personal information we have about them; and
Where personal information has been collected indirectly (i.e. from a third party), we will notify the individual of the above matters as soon as reasonably practicable, unless doing so would be impossible or involve a disproportionate effort. In addition, we will inform the individual of the source from which we obtained the information.
To the extent practicable, we will also provide individuals with the option of deidentifying themselves or of using a pseudonym when dealing with us.
Direct marketing
WAIVPAY will provide a simple means by which individuals may opt-out of any direct marketing communications undertaken by WAIVPAY. WAIVPAY does not direct market to any purchaser’s or potential purchaser’s for products or services unless provided directly to the purchaser or potential purchaser by WAIVPAY Employees
Job applicants
WAIVPAY may collect personal information from job applicants in the course of the recruitment process.
Access to employment records
The Privacy Act, Australia gives employees the right to access certain statutory employment records, including:
- their employment agreement
- their time and wages records their leave records
Consent and withdrawal of consent
Where WAIVPAY relies on an individual’s consent to lawfully collect and use their personal information, that consent must be explicit (i.e. not implied), freely given, informed and specific (i.e. distinguishable from consent for other matters or purposes).
Individuals may withdraw their consent at any time by notifying us. We will then delete the individual’s Personal Information unless we have another legitimate basis to use that information. Withdrawal of consent may mean that we will no longer be able to offer the same products and services to the individual.
How long is Personal Information kept?
WAIVPAY keeps personal information only as long as necessary to fulfil the purpose for which it was collected. When we no longer need it for that purpose, we will destroy the information or ensure that the information is de-identified (i.e. it will no longer be possible to connect the information to the individual).
Generally speaking, we keep employee records for seven years or as required by law.
Overseas recipients of Personal Information
WAIVPAY does not disclose or release any personal information to entities or organisations in other countries (Overseas Recipients).
Right to access and correct
WAIVPAY takes all reasonable steps to ensure that the personal information it uses is accurate, up-to-date and complete. However, where this is not the case, individuals have a number of rights they may exercise:
Individuals have the right to:
- access their personal information held by WAIVPAY
- access information about where and for what purpose we have used their information
- correct any incorrect information
If an individual makes a request for access to or correction of their personal information, we will respond within a reasonable period and, if reasonable and practicable to do so, we will:
- provide the information, unless we consider that there is a sound and lawful reason to withhold it;
- correct the information, if we are satisfied the information we hold is incorrect.
If we refuse to give access to or correct personal information as requested by an individual, we will explain our decision to the individual and advise them of mechanisms available to them to complain about that refusal.
Right to be forgotten
Individuals have the right to have their personal information erased in certain circumstances, including where the information is no longer relevant to the original purpose for which it was collected or where the individual withdraws their consent.
Right to object to or restrict use
Where WAIVPAY uses personal information without the individual’s consent (but pursuant to another legitimate purpose), the individual has the right to object to or restrict such use of their personal information.
Data breach notification
In the event of a data breach that is likely to result in serious harm to the individual, we will comply with mandatory data breach notification laws. This includes notification to the affected individual and, if the breach is in Australia, also to the Australian Information Commissioner. Please refer to our Data Breach Response Plan.
Variations
We reserve the right to vary, replace or terminate this policy from time to time.