Tanda Privacy Policy

In this Privacy Policy, the expressions “Tanda”, "we", "us" and "our" are a reference to EPI Capital Pty Ltd (ACN 158 472 943) and its Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)).

Our contact details (residents of the European Union should refer to Section XVI):

Tanda

Level 1/490 Adelaide Street

Brisbane Queensland 4000

Australia

Email: info@tanda.co

CONTENT:

I. Introduction

II. Kinds of Personal Information or Personal Data (as applicable) that we collect

III. How we collect and hold your Personal Information or Personal Data (as applicable)

IV. How we use your Personal Information or Personal Data (as applicable)

V. Disclosing your Personal Information

VI. Sensitive information

VII. Direct marketing

VIII. Credit information and Credit Reporting Policy

IX. Anonymity

X. Cross border disclosure

XI. Accuracy of your Personal Information or Personal Data (as applicable)

XII. Security of your Personal Information or Personal Data (as applicable)

XIII. Access to and correction of your Personal Information or Personal Data (as applicable)

XIV. Your Authority

XV. Resolving privacy complaints

XVI. European Union

XVII. Consent, modifications and updates

I. Introduction

This Privacy Policy (Section I to XV and XVII) applies to Personal Information collected by us. We are bound by the Australian Privacy Principles and the Privacy Act 1988 (Cth), which governs the way private sector organisations collect, use, keep secure and disclose Personal Information.

The Privacy Act 1988 (Cth) defines “Personal Information” to mean any information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

If you are a resident of the European Union, we are required to comply with the GDPR (as defined in Section XVI) in relation to your Personal Data.

Sections I and XVI of this Privacy Policy apply primarily to Personal Data collected by us. We are bound by the GDPR (defined in Section XVI below), which governs the way that we, as a controller of Personal Data, must process that Personal Data. If you are a resident of the European Union, please have reference primarily to Section XVI to understand how we process your Personal Data and your rights as a Data Subject (as defined in Section XVI).

The purpose of the Privacy Policy is generally to inform people of:

  • how and when we collect Personal Information or Personal Data (as applicable);
  • how we use and disclose Personal Information or Personal Data (as applicable);
  • how we keep Personal Information or Personal Data (as applicable) secure, accurate and up-to-date;
  • how an individual can access and correct their Personal Information or Personal Data (as applicable); and
  • how we will facilitate or resolve a privacy complaint.

If you have any questions or comments about this policy please email our privacy officer at info@tanda.co (or if you are a European Union resident, please refer to the details at Section XVI below) and we will attend to your query promptly.

II. Kinds of Personal Information or Personal Data (as applicable) that we collect

We will only use or disclose your Personal Information or Personal Data (as applicable) for the primary purpose for which it was collected or as consented to by you.

At or around the time we collect Personal Information or Personal Data (as applicable) from you, we will endeavour to provide you with a notice which details how we will use and disclose that specific information.

We set out some common collection, use and disclosure instances below.

Purpose

Type of information

Uses

Disclosures

Sales and enquiries

Contact information such as your name, company name, address, billing address, email address, phone numbers, username and password.

Transaction sales such as credit card information and billing contacts.

The types of uses we will make of Personal Information or Personal Data (as applicable) collected for this type of purpose include:

  • if required, verification of your identity;
  • provision of our services through the Tanda platform to you and your business;
  • using your Personal Information or Personal Data (as applicable) for “marketing services” (as set out below)
  • for general administrative and security purposes such as ensuring our website and platform remain secure; maintaining and developing our products and for quality assurance purposes
  • where that Personal Information or Personal Data (as applicable) entered by your employees has been anonymised, benchmarking, financial trends and economic analysis and reporting by our research team’s products and services

The types of disclosures we will make of Personal Information or Personal Data (as applicable) collected for this type of purpose include, without limitation, to:

  • third parties connected with the sales process including ecommerce, payment gateway providers and financial institutions;
  • service providers (including IT service providers and consultants) who assist Tanda in providing our products and services;
  • related bodies corporate of Tanda (including related entities);
  • third parties in connection with any business sale; and
  • as required or authorised by any law.

Credit information

Contact and identifying information, such as:

  • your name, company name, address, billing address, email address, phone numbers, marital status;
  • alternative contact (name, address and phone number);
  • bank account, credit or debit card details;
  • details of required primary identification information (such as a current Australian drivers licence);
  • occupation and employment details (including, if applicable, payslips)

For full details relating to uses of Personal Information or Personal Data (as applicable) in relation to the use of credit information, please refer to our Credit Reporting Policy.

The types of uses we will make of information collected in connection with purchase of our services for this purpose include:

  • payment processing, including charging refunds (if applicable), credit card authorisation, verification and debt collection
  • in connection with the creation of an online account with us,  and you provide us with Personal Information or Personal Data (as applicable), we will use it for: processing transactions, general enquiries from you.
  • General administrative and security use as detailed in the “sales and enquiry” section above.

For full details relating to disclosures of Personal Information or Personal Data (as applicable) in relation to any credit information, please refer to our Credit Reporting Policy.

In summary, we may disclose this type of Personal Information or Personal Data (as applicable) to:

  • our contractors, agents and third party providers who undertake billing and credit services on our behalf;
  • third party providers who assist us in providing our products and services to you.

Marketing services

Contact information such as your name, company name, address, billing address, email address, phone numbers, username and password.

Website enquiries, such as your name, email address, phone number and any information you provide to us as part of your message.

Information in connection with our social media pages, including “likes”, comments posted, any of your oppositions or feedback, photos posted or uploaded and other information pertaining to your social media activities which concern, or relate, to us.

We may use your Personal Information or Personal Data (as applicable) to:

  • aggregate with other information and then to use it for marketing and consumer analytics;
  • to offer you updates on products, events or information that may be of interest to you;
  • for marketing and promotional activities by us (including by direct mail, telemarketing and email) such as our email alerts, product awareness information and newsletters;
  • for the uses detailed above in “sales and enquiries”.

We may also use your Personal Information or Personal Data (as applicable) if you create an online account with us or participate in our social media platforms (such as, Facebook, Twitter and LinkedIn) and you provide us with your Personal Information or Personal Data (as applicable), we will use it for:

  • adding account holders to the marketing database;
  • customer service related contact;
  • responding to social media messages; and
  • fulfilling social media platform rules.

We may disclose your Personal Information or Personal Data (as applicable) to third parties connected with the marketing process who assist us in providing our products and services to you.

Human resources

Contact information such as name, email address, current postal and residential address, phone numbers, country of residence, next of kin, emergency contact details.

Employee record information.

Identifying information such as your photos, passport and residency details, date of birth.

CV resume or application related information, such as the details provided in your resume or CV, your eligibility to work in Australia, your education, previous employment details.

Tax, superannuation and payroll information.

Background check information from third parties.

Medical or health information that you voluntarily provide to us as part of your pre-employment screening.

Performance related information.

Information collected from referees (as nominated by you).

Security information, such as CCTV footage and photographs taken on our premises.

Background checks are collected for the purpose of assessing the candidate for suitability for the role.

Utilising the information collection for administrative and performance monitoring use.

We may disclose your Personal Information or Personal Data (as applicable) to:

  • relevant superannuation companies;
  • government agencies, including but not limited to the Australian Taxation Office, Centrelink and the Child Support Agency;
  • relevant Worker’s Compensation organisation;
  • third party referees provide by you in connection with a job application;
  • service providers;
  • recruitment agents used in connection with your application with us;
  • third parties in connection with the sale of any part of our business or an entity that we own;
  • third parties in connection with obtaining any background checks, pre-employment screenings;
  • financial institutions for payroll purposes; or
  • as required or authorised by law.

III. How we collect and hold your Personal Information or Personal Data (as applicable)

As much as possible or unless provided otherwise in this Privacy Policy or a notification, we will collect your Personal Information or Personal Data (as applicable) directly from you.

We may collect Personal Information or Personal Data (as applicable):

  • In conversations with you and your employees, in person or by e-mail, fax and telephone;
  • From your employees when they interact the Services;
  • From third parties such as your employees, your accountant, related companies, credit reporting agencies or your representatives;
  • When we are required to do so by law; and
  • From our own records of your usage of Tanda services.

We may also collect Personal Information or Personal Data (as applicable) about you from other sources. For instance, when we collect information about you from third parties or from publicly available sources (e.g. court judgments, bankruptcy searches, Australia Post or social media platforms).

If we collect information about you from someone else, we will, wherever reasonably possible, make you aware that we have done this and why, unless this information is collected from any personal referee, from a publicly available source or as otherwise required by law.

Where we inadvertently collect Personal Information or Personal Data (as applicable) from you, or a third party in circumstances where we have not requested that Personal Information or Personal Data (as applicable) and we consider that it is not required, we will destroy or de-identify that information.

We take security of your Personal Information or Personal Data (as applicable) seriously, and will hold it securely and store it on infrastructure owned or controlled by us or with a third party service provider who has taken reasonable steps to assist us in complying with the Privacy Act 1988 (Cth).

If you use our website, we may utilise “cookies” which enable us to monitor traffic patterns, trends and to serve you more efficiently if you revisit our website. We may also gather your IP address as part of our business activities and to assist with operational difficulties or support issues with our services. This information does not identify you personally, but may identify your internet service provider. This information combined with other sources of Personal Information or Personal Data (as applicable) may enable us to identify you. If you do not wish for this to occur, you can set your browser to notify you of this and you may then accept or reject it.

IV. How we use your Personal Information or Personal Data (as applicable)

We provided a detail list in Section II of some common uses of your Personal Information or Personal Data (as applicable). Your Personal Information or Personal Data (as applicable) may be used to:

  • provide products and services to you;
  • collect payments and to administer your account;
  • provide you with updated or new information about our products or services;
  • conduct creditworthiness checks and/or fraud checks;
  • for development of existing and new products and services;
  • maintain and update our business infrastructure and systems;
  • actively promote our other products and services to you. If you do not wish to receive such communications please advise us;
  • for research into our client base and for related purposes by our research team including as aggregated (anonymous) benchmarking data.

V. Disclosing your Personal Information

We provided a detail list in Section II of some common disclosures of your Personal Information or Personal Data (as applicable).

In providing our products and services, or collecting and using your Personal Information or Personal Data (as applicable), we will always keep your data private to the maximum extent commercially and practically possible. In the normal course of business and in order to provide your service we may be required to disclose some of your Personal Information or Personal Data (as applicable) to organisations outside Tanda. Such organisations may include:

  • Our outsourced service providers, which are always carefully selected by us;
  • Your legal, accounting, financial or other professional advisors if you agree as part of the service;
  • Other software providers that you have authorised integration with as part of the service;
  • Credit- and/or fraud-reporting agencies if you use the service for making financial transaction instructions;
  • Organisations providing you with credit or financing;
  • Our legal, accounting, financial or other professional advisors and bankers;
  • Regulatory, government and other authorities as required by law;
  • Our subsidiaries and closely related organisations;
  • Other organisations involved in managing our trade receivables, business, financial affairs;
  • Other organisations subscribing to our client base research data which will be aggregated and anonymised.

We may also use and disclose your Personal Information or Personal Data (as applicable) and in doing so, we are not required to seek your further consent:

  • when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your Personal Information or Personal Data (as applicable) to be used or disclosed for such a purpose;
  • if the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
  • if we have a reason to suspect that unlawful activity has been, or is being, engaged in; or
  • if it is required or authorised by law.

If we propose to or do disclose (or use) your Personal Information or Personal Data (as applicable) other than outlined in Sections II, IV or V then we must first notify you or seek your consent.

VI. Sensitive information

We may also collect sensitive information from you. Sensitive information is a subset of Personal Information or Personal Data (as applicable). It includes information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purposes of automated biometric verification or biometric identification or biometric templates.

In general, we attempt to limit the amount of sensitive information collected from you, but inherent in the use of our product is the likelihood that we will collect sensitive information from you, and you will collect that from your employees.

We do not and will not use sensitive information to send you direct marketing communications without your express consent.

We may collect sensitive information from you, or you from your employees where you (or you employee, as the case may be) has consented and agreed to the collection of such information. We will endeavour to obtain this consent at or around the point in time in which we collect sensitive information.

VII. Direct marketing

You give your express and informed consent to us using your Personal Information or Personal Data (as applicable) in relation to direct marketing and sales as set out in this document.

Without limitation, if you have provided your inferred or implied consent (e.g. not opting out where an opt-out opportunity has been provided to you) or if it is within your reasonable expectation that we send you direct marketing material, then we may also use your Personal Information or Personal Data (as applicable) to send you direct marketing material.

We will provide you with the ability to opt-out from receiving any communications from us that you no longer wish to receive.

VIII. Credit information and Credit Reporting Policy

The Privacy Act 1988 (Cth) contains provisions regarding the use and disclosure of credit information, which applies in relation to the provision of both consumer credit and commercial credit. Please refer to our Credit Reporting Policy for more details.

As we provide terms of payments of accounts which are greater than 7 days, we are considered a credit provider under the Privacy Act. We use your credit information or the purposes outlined in Section II of this policy.

We will store any credit information you provide to us or we obtain about you with any other Personal Information or Personal Data (as applicable) we hold about you.

You may request access to your credit information in accordance with Section XIII, or make a complaint in accordance with Section XV.

IX. Anonymity

To the extent practicable and reasonable, we will endeavour to provide you with the option of dealing with us on an anonymous basis or through the use of a pseudonym.  However, there may be circumstances in which it is no longer practicable for us to correspond with you in this manner and your Personal Information or Personal Data (as applicable) may be required in order to provide you with our products and services or to resolve any issue you may have.

X. Cross border disclosure

Any Personal Information or Personal Data (as applicable) collected and held by us may be disclosed to, and held at, a destination outside Australia, including but not limited to Ireland, Estonia, Netherlands, Philippines, United Kingdom and the United States of America where we use third party service providers to assist us in providing Tanda’s platform and other services to you or overseas IT services (including software, platforms and infrastructure).  

Personal Information or Personal Data (as applicable) may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies.

Disclosure may occur in countries other than those listed above, and we use service providers and platforms that can be accessed from various countries.

By submitting your Personal Information or Personal Data (as applicable) to Tanda, you expressly agree and consent to the disclosure, transfer, storing or processing of your Personal Information or Personal Data (as applicable) outside of Australia. In providing this consent, you understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia in relation to Personal Information or Personal Data (as applicable). However, we will take appropriate steps to ensure that your Personal Information or Personal Data (as applicable) is used by third parties securely and in accordance with the terms of this Privacy Policy.

If you do not agree to disclosure of your Personal Information or Personal Data (as applicable) outside Australia by us, you should (after being informed of the cross border disclosure) tell us that you do not consent. To do this, either elect not to submit the Personal Information or Personal Data (as applicable) to us after being reasonably informed in a collection notification or by this Policy, contact us via the details set out at the top of this document.

XI. Accuracy of your Personal Information or Personal Data (as applicable)

We take reasonable precautions to make sure that the Personal Information or Personal Data (as applicable) we hold is accurate and up-to-date. To ensure this, we recommend that you notify us of errors, omissions or changes in your Personal Information or Personal Data (as applicable). This is especially important for information required for us to communicate with you, such as a change in name, email, phone number or address.

XII. Security of your Personal Information or Personal Data (as applicable)

Tanda takes reasonable steps to ensure that your Personal Information or Personal Data (as applicable) is protected from misuse, loss, unauthorised access, modification or disclosure. Some notable measures to ensure the security of your Personal Information or Personal Data (as applicable) include:

  • encryption, and regular backups of the database;
  • ensuring that the Personal Information or Personal Data (as applicable) we collect, use or disclose is accurate, complete and up to date;
  • protecting your Personal Information or Personal Data (as applicable) from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
  • destroying or permanently de-identifying Personal Information or Personal Data (as applicable) if it is no longer needed for its purpose of collection.

You will appreciate, however, that we cannot guarantee the security of all transmissions or Personal Information or Personal Data (as applicable), especially where human error is involved or malicious activity by a third party.

The security of this information is also dependent on your own measures to protect your email addresses and passwords from disclosure and unauthorised use.

XIII. Access to and correction of your Personal Information or Personal Data (as applicable)

You have the right to access any of your Personal Information or Personal Data (as applicable) that we hold, with some exceptions as allowed by law. To obtain a copy of this information, contact us and we will provide it to you. Tanda reserves the right to charge a reasonable fee for the provision of this information.

If you would like to correct any records of Personal Information or Personal Data (as applicable) we have about you, you are able to access and update that information (subject to the above exceptions) by contacting us via the details set out at the top of this Policy.

If you wish to get access to or to rectify any of your Personal Data as a resident of the European Union, please refer Section XVI below.

XIV. Your Authority

By continuing to use our products or services or website you consent to Tanda maintaining, using and disclosing your Personal Information or Personal Data (as applicable) as described in this document for a period of no less than seven years from the date of your last use of the system (or the date of the last use of the system by any user under your subscription, whichever is the latest).

XV. Resolving privacy complaints

We have put in place an effective mechanism and procedure to resolve privacy complaints. We will ensure that all complaints are dealt with in a reasonably appropriate timeframe so that any decision (if required) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision.

If you wish to make a complaint, please contact us at the details listed above (if your complaint relates to Personal Information collected from an Australian resident) or the details listed below (if your complaint related to Personal Data collected from a European resident).

In order to resolve a complaint, we:

  1. will liaise with you to identify and define the nature and cause of the complaint;
  2. may request that you provide the details of the complaint in writing;
  3. will keep you informed of the likely time frame within which we will respond to your complaint; and
  4. will inform you of the legislative basis (if any) of our decision in resolving such complaints.

We will maintain a register of all complaints, and any action taken.

XVI. European Union

In providing our products and services, or collecting and using your Personal Data, we are required to comply with the GDPR where you are a European Union resident.

The following defined terms have the associated meanings:

  • Data Subject” has the meaning attributed to that term in the GDPR.
  • GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC; and
  • Personal Data” means the Personal Data (having the meaning attributed to that term in the GDPR) of the Data Subjects whose data is processed for the purposes of, and under, your Service Agreement with us.

If you are a resident of the European Union for the purposes of the GDPR, then in addition to what is set out in Sections I to XV above, the following applies to you.

Tanda is a data processor for the purposes of the GDPR in the performance of services under our Services Agreement with you. Tanda is a data controller only in terms of the Personal Data of Tanda’s EU resident employees.

In general, Tanda processes the Personal Data under our services agreements with our customers, who in most cases are employers of Data Subjects.

In addition to your rights of access and correction as set out above, as a Data Subject you may:

  • (access) request access to your Personal Data held by Tanda;
  • (rectification) request to update or rectify any of the Personal Data that we hold about you by contacting us at the details specified above and request Personal Data updates;
  • (erasure) withdraw your consent to Tanda’s use of your Personal Data as described in this policy by deletion or erasure of your Personal Data that we hold where that data is no longer required for the purpose for which it was collected;
  • (restriction on processing) obtain from the controller (usually, this is your employer) a restriction on processing of your Personal Data where:
    • accuracy of the Personal Data is contested;
    • the processing by the processor is unlawful (and you oppose erasure but request restriction of use);
    • Tanda no longer needs your Personal Data; or
    • you have objected to processing pursuant to your right to object under Article 21(1) of the GDPR;
  • (data portability) request that Tanda:
    • provides you with a copy of the Personal Data that Tanda holds about you in a portable and machine readable form; or
    • share your Personal Data with a nominated third party,

If you wish to exercise any of your Data Subject rights, then please send your request in writing through your employer.

If we hold your Personal Data separate to your relationship as an employee of our customer, please submit your written request to the contact details set out below:

Workforce Success Ltd

Office 13, Wingate Business Exchange

64-67 Wingate Square

London  SW40AF

United Kingdom

Email: dpo@tanda.co

We will process your request promptly and in any event, within one month of receipt of receiving it.

If you have any concerns in relation to Tanda’s collection or processing of your Personal Data, then you also have a right to complain to a supervisory authority (within the meaning of the GDPR).

XVII. Consent, modifications and updates

This Privacy Policy is a compliance document prescribed by law rather than a legal contract between two or more persons. However, certain contracts may incorporate all of part of this Privacy Policy.

By using our website, purchasing a product or service from us, where you have been provided with a copy of our Privacy Policy or had a copy of our Privacy Policy reasonably available to you, you are acknowledging and agreeing to provide the consents given by you in this Privacy Policy and you have been informed of all of the matters in this Privacy Policy.

We reserve the right to modify our Privacy Policy as our business needs require. We will take reasonable steps to notify you of such changes (whether by direct communication or by posting a notice on our website). If you do not agree to our continued use of your Personal Information or Personal Data (as applicable) due to the changes in our Privacy Policy, please stop providing us with your Personal Information or Personal Data (as applicable) and contact us via the details set out at the top of this Policy (if you are an Australian resident from whom we have collected Personal Information) or in Section XVI (if you are a resident of the European Union from whom we have collected Personal Data).