Introduction
Who does this Privacy Policy apply to?
This Privacy Policy (“this Policy”) applies to “iDt Group” (“we” or “us”) which includes iDtec Pty Ltd and iDt Limited.
We want you to know that we are committed to protecting your privacy and handling your personal information in secure and transparent way.
This policy explains the types of personal information that we may collect and hold, how that information is used and with whom the information is shared. It also sets out how you can contact us if you have any queries or concerns about this information.
What laws apply to us?
When handling personal information, we will comply with the New Zealand Privacy Act 2020 (as amended from time to time).
We are also bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth), which governs the way private sector organisations collect, use, keep secure and disclose Personal Information. The Privacy Act 1988 (Cth) defines “Personal Information” to mean any information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
We take our obligations under these “Privacy Acts” and other applicable data protection laws seriously. Therefore, in addition to this Policy, we also:
- Maintain an internal privacy policy; and
- Where appropriate or required by the Privacy Acts; include terms in our agreements with our clients that describe how we handle personal information during the delivery of our professional services.
The purpose of the Privacy Policy is generally to inform people of:
- how and when we collect Personal Information or Personal Data (as applicable);
- how we use and disclose Personal Information or Personal Data (as applicable);
- how we keep Personal Information or Personal Data (as applicable) secure, accurate and up to date.
- how an individual can access and correct their Personal Information or Personal Data (as applicable); and
- how we will facilitate or resolve a privacy complaint.
If you have any questions or comments about this policy, please email our privacy officer at privacy@idtgroup.com and we will attend to your query promptly.
I. Kinds of Personal Information or Personal Data (As Applicable) That We Collect
We will only use or disclose your Personal Information or Personal Data (as applicable) for the primary purpose for which it was collected or as consented to by you.
At or around the time we collect Personal Information or Personal Data (as applicable) from you, we will endeavour to provide you with a notice which details how we will use and disclose that specific information.
Types of Information we may collect
- Contact information such as name, email address, residential address, phone numbers, country of residence, next of kin, emergency contact details.
- Identifying information such as Passport and Date of Birth
- Employee record information such as Employer, Hire Date, Award Group, Work VISA and Rostered Hours.
We do not always capture or store all these types of information – only that necessary for the provision of the service requested by the customer.
Disclosures
We may disclose your Personal Information or Personal Data (as applicable) to:
- Government agencies, including but not limited to the Australian Taxation Office, Centrelink and the Child Support Agency;
- Our service providers;
- Third parties in connection with the sale of any part of our business or an entity that we own; or
- As required or authorised by law.
II. How We Collect and Hold Your Personal Information or Personal Data (As Applicable)
As much as possible or unless provided otherwise in this Privacy Policy or a notification, we will collect your Personal Information or Personal Data (as applicable) directly from you, our client.
However, we may also collect Personal Information or Personal Data (as applicable):
- In conversations with you, in person or by e-mail, fax and telephone;
- From your employees when they interact with the Services;
- From third parties such as your payroll provider, accountant, related companies, credit reporting agencies or your representatives;
- When we are required to do so by law; and
- From our own records of your usage of iDt Group services.
Where we inadvertently collect Personal Information or Personal Data (as applicable) from you, or a third party in circumstances where we have not requested that Personal Information or Personal Data (as applicable) and we consider that it is not required, we will destroy or de-identify that information.
We take security of your Personal Information or Personal Data (as applicable) seriously and will hold it securely and store it on infrastructure owned or controlled by us or with a third-party service provider who has taken all reasonable steps to assist us in complying with the Privacy Acts.
III. How We Use Your Personal Information or Personal Data (As Applicable)
Your Personal Information or Personal Data (as applicable) may be used to:
- provide products and services to you or your employer;
- collect payments and to administer your account;
- for development of existing and new products and services;
- maintain and update our business infrastructure and systems.
IV. Disclosing Your Personal Information
In providing our products and services or collecting and using your Personal Information or Personal Data (as applicable), we will always keep your data private to the maximum extent commercially and practically possible. In the normal course of business and in order to provide your service we may be required to disclose some of your Personal Information or Personal Data (as applicable) to organisations outside iDt Group. Such organisations may include:
- Our outsourced service providers, which are always carefully selected by us and are bound by our privacy policy;
- Your legal, accounting, financial or other professional advisors if you agree as part of the service;
- Other software providers that you have authorised integration with as part of the service;
- Our legal, accounting, financial or other professional advisors;
- Regulatory, government and other authorities as required by law;
- Our subsidiaries and closely related organisations;
- Other organisations involved in managing our trade receivables, business, financial affairs.
V. Sensitive Information
We may also collect sensitive information from you. Sensitive information is a subset of Personal Information or Personal Data (as applicable). It includes biometric information that is to be used for the purposes of automated biometric verification or biometric identification or biometric templates.
In general, we attempt to limit the amount of sensitive information collected from you, but inherent in the use of our product is the likelihood that we will collect sensitive information from you, and you will collect that from your employees.
We may collect sensitive information from you, or you from your employees where you (or your employee, as the case may be) have consented and agreed to the collection of such information. By using our services, you and your employees consent to the collection of sensitive information.
We do not and will not use sensitive information to send you direct marketing communications, or share with any third party except for the provision of our services.
VI. Cross Border Disclosure
Any Personal Information or Personal Data (as applicable) collected and held by us may be disclosed to and held in Australia and/or New Zealand only, including where we use third party service providers to assist us in providing iDt Group’s platform and other services to you (including software, platforms and infrastructure).
VII. Accuracy of Your Personal Information or Personal Data (As Applicable)
We take reasonable precautions to make sure that the Personal Information or Personal Data (as applicable) we hold is accurate and up to date. To ensure this, we recommend that you notify us of errors, omissions or changes in your Personal Information or Personal Data (as applicable). This is especially important for information required for us to communicate with you, such as a change in name, email, phone number or address.
VIII. Security of Your Personal Information or Personal Data (As Applicable)
iDt Group takes all reasonable steps to ensure that your Personal Information or Personal Data (as applicable) is protected from misuse, loss, unauthorised access, modification or disclosure. Some notable measures to ensure the security of your Personal Information or Personal Data (as applicable) include:
- encryption and regular backups of the database;
- ensuring that the Personal Information or Personal Data (as applicable) we collect, use or disclose is accurate, complete and up to date;
- protecting your Personal Information or Personal Data (as applicable) from misuse, loss, unauthorised access, modification, or disclosure both physically and through computer security methods; and
- destroying or permanently de-identifying Personal Information or Personal Data (as applicable) if it is no longer needed for its purpose of collection.
You will appreciate, however, that we cannot guarantee the security of all transmissions of Personal Information or Personal Data (as applicable), that may be due to human error or malicious activity by a third party or actor.
The security of this information is also dependent on our customers measures to protect any email addresses and/or passwords from disclosure and unauthorised use.
IX. Access to And Correction of Your Personal Information or Personal Data (As Applicable)
You have the right to access any of your Personal Information or Personal Data (as applicable) that we hold, with some exceptions as allowed by law. To obtain a copy of this information, contact us and we will provide it to you. iDt Group reserves the right to charge a reasonable fee for the provision of this information.
If you would like to correct any records of Personal Information or Personal Data (as applicable) we have about you, you are able to access and update that information (subject to the above exceptions) by contacting us via the details set out below.
iDt Privacy Officer at:
iDtec Pty Ltd, PO Box 1037, Ashmore City, QLD 4214, Australia
or
iDt Limited, P.O Box 71178, Rosebank, Auckland 1348, New Zealand
X. Your Authority
By continuing to use our products or services or website you consent to iDt Group maintaining, using and disclosing your Personal Information or Personal Data (as applicable) as described in this policy. Your Personal Information or Personal Data held as part of our cloud SaaS products and services will be deleted 60 days after Service Termination.
XI. Resolving Privacy Complaints
We have put in place procedures to resolve privacy complaints. We will ensure that all complaints are dealt with in a reasonably appropriate timeframe so that any decision (if required) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision.
If you wish to make a complaint, please contact us at the details listed above.
In order to resolve a complaint, we:
- will liaise with you to identify and define the nature and cause of the complaint;
- may request that you provide the details of the complaint in writing;
- will keep you informed of the likely time frame within which we will respond to your complaint; and
- will inform you of the legislative basis (if any) of our decision in resolving such complaints.
We will maintain a register of all complaints, and any action taken.
XII. Consent, Modifications and Updates
This Privacy Policy is a compliance document rather than a legal contract between two or more persons. However, certain contracts may incorporate all or part of this Privacy Policy.
By using our website, purchasing a product or service from us, where you have been provided with a copy of our Privacy Policy or had a copy of our Privacy Policy reasonably available to you, you are acknowledging and agreeing to provide the consents given by you in this Privacy Policy and you have been informed of all the matters in this Privacy Policy.
We reserve the right to modify our Privacy Policy as our business needs require. We will take reasonable steps to notify you of such changes (whether by direct communication or by posting a notice on our website). If you do not agree to our continued use of your Personal Information or Personal Data (as applicable) due to the changes in our Privacy Policy, please stop providing us with your Personal Information or Personal Data (as applicable) and contact us via the details set out at the top of this Policy.