We are committed to respecting your privacy and complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (the “Privacy Act“). We also comply with the EU General Data Protection Regulation (“GDPR“) but only to the extent it applies to the personal data that we process (“GDPR Data“).
Subscription/registration, payment, transaction and profile data. Data entered into and/or uploaded into the Cloud Services by our Customers and/or end users when accessing the Cloud Services. Data relating to communications between us and our Customers and end users. Analytics data. Cookies data.
Our policy is to minimise the amount of personal data we collect. Accordingly, we only collect personal data that is adequate, relevant and limited to what is necessary, in relation to the purposes for which they are processed. We collect personal data that you give us, whether by email, telephone, in person, via application forms or otherwise. We may also obtain personal data directly from third parties such as our resellers, related companies, installers, sales agents and any of their representatives. In addition, we may obtain personal data from public sources, where available. However, if it is reasonable and practicable to do so, we will collect personal data about an individual only from that individual. We will only collect GDPR Data for specified, explicit and legitimate purposes and we will not further process GDPR Data that we collect in a manner that is incompatible with those purposes. If you enter and/or upload into the Cloud Services and/or otherwise provide us with personal data about any person other than you, please notify us so that we can ensure that the data subjects are provided with the information required by Australian Privacy Principle 5 and Article 14 of the GDPR. We will not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of our entity’s functions or activities and we will not collect sensitive information unless you consent to the collection and the sensitive information is reasonably necessary for one or more of our functions or activities, or we collect it pursuant to subclause 3.4 of the Australian Privacy Principles. Please notify us if you are not of old enough or not otherwise able to provide us with consent, and if so do not provide us with any consent for the purposes of applicable privacy law. We will not process any GDPR Data that is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, except where permitted by the Australian Privacy Principles and the GDPR.
We use automated-decision making in our business to prioritise and allocate staff the subject of bookings made on our platform.
We only disclose personal data to third parties who perform services on our behalf to the extent necessary for them to perform those services. We do not sell personal data to third parties for their own marketing purposes and we only disclose the minimum amount of personal data required. We may disclose personal data that we collect to third parties for all or any of the following purposes:
We may also provide your personal data to our lawyers, insurers and professional advisors and any court or administrative body, for one or more of the following purposes:
CrewPayer may include links to, or interface with third party websites and platforms. Our linking to those websites and platforms does not mean that we endorse or recommend them. Where a customer or end user uses CrewPayer or the Cloud Services to provide personal data to a third party website or platform, the customer/end user does so at its own risk. We do not warrant or represent that any third party website or platform operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third party websites and platforms prior to sending your personal data to them. You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on CrewPayer. These widgets and tools may collect your IP address and other personal data. Your interaction with such widgets and tools, and any single sign-on services such as Open ID is governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal data.
We protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures. The technical and organisational measures that we have implemented are as follows:
We do not send “junk” or unsolicited e-mail in contravention of the Spam Act 2003 (Cth). We will, however, use e-mail in some cases to respond to inquiries, confirm purchases, or contact Customers and end users. These transaction-based e-mails are automatically generated. Anytime a Customer or end users or visitor receives e-mail it does not want from us they can request that we not send further e-mail by contacting us via email at firstname.lastname@example.org. Upon receipt of any such request, we will remove the person from our database to ensure that they cease to receive automated emails from us.
Subject to the following section “GDPR offshore transfers”, and provided that we comply with the provisions of the Australian Privacy Principle 8 (Cross-border disclosure of personal information), we may transfer your personal data to our contractors and service providers who assist us with providing our products and services to you, where we consider it necessary for them to provide that assistance. They are located in Australia and any country that our customers and end users are located in. We will only engage new third parties to process GDPR Data entered into and/or uploaded into the Cloud Services by you for us to process as a processor on your behalf (“subprocessors“) if you have authorised us to do so pursuant to a specific or general written authorisation and otherwise in compliance with the requirements of the GDPR.
We will not transfer GDPR Data about a person to any country or organisation outside of the European Union, except:
Unless otherwise agreed in writing by a data subject, any transfer by us of personal data that a data subject uploads and/or enters into the Cloud Services for us to process on their behalf (which is the subject of the GDPR) outside the European Union will not be carried out unless we have taken such measures as are necessary to ensure the transfer complies with all applicable data protection laws. This may include (without limitation) transferring pursuant to the standard contractual clauses approved by the European Commission (including those clauses annexed to Commission decision of 5 February 2010 (2010/87/EU) as amended or superseded), or transferring to a country or organisation in a country outside the European Union that the European Commission has determined provides adequate protection for personal data.
Subject to the provisions and exceptions set out in the Privacy Act and GDPR, under the Privacy Act and/or GDPR, you have a number of rights, including: (a) the right to request from us access to and rectification or erasure of your personal data or restriction of processing concerning your personal data; (b) the right to object to the processing of your data; (c) the right to data portability; (d) the right to withdraw consent (where you have consented to the processing of your personal data for one or more specific purposes); (e) the right to lodge a complaint with the Office of the Australian Information Commissioner or any supervisory authority; (f) the right to not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or it similarly significantly affects you. Some of the above rights are available under the GDPR, but not under the Privacy Act. Please contact us if you wish to exercise any of your rights, including the right to opt out of any communications that we send you. We will handle all such requests in accordance with our legal obligations. If you withdraw your consent for processing, object to the processing of your personal data or request us to erase your personal data and as a result it is not possible or practical for us to continue providing you with the Cloud Services, we may terminate your subscription and/or access to CrewPayer and charge you any applicable cancellation/termination fees in accordance with our Terms of Service.
Since 22 February 2018, data breaches that are likely to result in serious harm must be reported to affected individuals and the Office of the Australian Information Commissioner, except where limited exceptions apply. For the purposes of the GDPR, certain types of data breaches must also be reported to affected individuals if the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms. In addition, the GDPR requires organisations to report certain types of data breaches to the relevant supervisory authority. We will notify you of any data breach that may affect you where we are required to do so in accordance with our legal obligations.
CrewPayer is operated by Personnel Manager Australia Pty Ltd ABN 79 608 735 888 of Suite 1/ 736 Pacific Highway Sutherland NSW 2232. If you wish to contact us for any reason regarding our privacy practices or the personal data that we hold about you, please contact us at the following address:
Administrator Suite 1/ 736 Pacific Highway Sutherland NSW 2232 email@example.com We will use our best endeavours to resolve any privacy complaint within ten (10) business days following receipt of your complaint. This may include working with you on a collaborative basis to resolve the complaint or us proposing options for resolution. If you are not satisfied with the outcome of a complaint you make refer the complaint to the Office of the Australian Information Commissioner (OAIC) who can be contacted using the following details: Call: 1300 363 992 Email: firstname.lastname@example.org Address: GPO Box 5218, Sydney NSW 2001 In relation to GDPR Data, you may lodge a complaint with any relevant supervisory authority.