1. Privacy Policy
1.1 Background
This policy details our commitment to maintaining our stakeholders’ privacy in accordance with privacy laws and principles. The below sections detail how Azupay treats privacy when dealing with prospective and/or existing customers, employees including full & part time employees, contractors, third parties such as suppliers and other stakeholders whose personally identifiable information we may process and/or store.
1.2 Application of Policy
This policy applies to all Azupay staff including, but not limited to, permanent employees, part-time and contracted employees, as well as Azupay’s Board of Directors. All individuals we hold personal information on are in scope and referred to as stakeholders within this policy, which includes but is not limited to customers, clients, partners, suppliers, employees, contractors, board members and shareholders.
1.3 Privacy Policy
At Azupay, we are required under privacy laws to protect the privacy of our customers, clients, employees and any other stakeholders whose personal information we hold, whether they speak to us or communicate electronically, or as an online visitor to our website, and all information recognised and personally identifiable. Azupay uses the information collected to maximise the services it provides. We respect the privacy and confidentiality of the information provided by individuals and are committed to handling personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). The Australian Privacy Principles (APPs) are overseen and enforced by the Office of the Australian Information Commissioner (OAIC) and can be accessed on the OAIC’s website through this link.
1.4 Collection of Personal Information
Azupay defines Personal Information in line with the Australian Privacy Act (1988) and OAIC Australian Privacy Principles definition; Personal information includes a broad range of information, or an opinion, that could identify an individual. Azupay may handle information such as individuals names, signatures, addresses, phone numbers, date of birth; employee record information, IP addresses, location information, credit information and other information that may be considered sensitive information. In the course of conducting business, Azupay may collect information that falls within this definition from a broad range of stakeholders, depending on the nature of Azupay’s relationship and interactions with the stakeholder.
1.5 Information we collect from customers
In the course of individuals visiting Azupay’s website or use our products and services, Azupay may obtain the following information: name, company name, email address, telephone number, payment details, billing address, geographic location, IP address, survey responses, support queries, blog comments and social media handles.
In accordance with the APPs (APP 13 – Correction of Personal Information), customers have the right to access and correct the personal information Azupay holds about them, subject to certain exceptions under Australian law. Customers can review, correct, update or delete Personal Information by contacting Azupay at: [email protected].
1.6 Digital Session Tracking
Azupay may utilise digital session tracking technology to assist in delivering services securely to customers, such as cookies, single-pixel gifs and web beacons. This can include capture and storage of session information to authenticate and authorise user sessions, support security features and detect malicious activity such as delivering anti-fraud capabilities to user transactions and includes information such as IP address, use of browser cookies for session management, preference tracking and analytical purposes, and the use of digital analytics to measure & improve user experience and inform optimisation efforts. Digital session tracking is utilised across domains operated by Azupay and corporate affiliates.
1.7 Information we collect on other stakeholders
Azupay may require the collection and processing of personal information on stakeholders besides customers in the course of business, such as:
- Employment and employee related information required to conduct business, which may include employee and contractor personal information related to human resources and payroll needs, employee record information, tax file numbers, identification documents, credit data, criminal records and other data related to employee screening.
- Third party data, such as supplier and partner data and client data. Due to Azupay’s nature as a financial services provider, collection of this data may include information deemed as personal information under the Australian Privacy act, such as data provided during the course of Azupay conducting Know-Your-Customer (KYC) and Anti-money-laundering (AML) obligations, third party risk assessments, client onboarding, supplier onboarding, and other activities that may require the storage and processing of personal information. Due to the compliance nature of these activities, some data may be classified as sensitive information.
1.8 Information we collect from other sources
Azupay may also collect information of individuals from third parties such as government agencies, credit rating providers, banking & payment partners and corporate verification services, based on a customer’s application or to confirm the veracity of a bank account
1.9 How we use personally identifiable information
Personally Identifiable Information: Azupay will use the information it collects to deliver its products and services to its customers in a compliant manner. Including, communicating with customers, providing technical support, notifying customers of updates and offers, sharing useful content, measuring customer satisfaction, diagnosing problems providing customers with a personalised website experience and undertaking processes to verify the identity of a payee before completing a payment.
Marketing communications are only sent to customers if customers have requested or subscribed to them. Under privacy laws, customers can opt out of marketing communications at any time by unsubscribing or emailing Azupay who has a duty under privacy to act promptly to the customer’s request.
Non-Personally Identifiable Information: Azupay can use the information it collects in aggregated and anonymised forms to improve the services, including: administering our website, producing reports and analytics, advertising our products and services, identifying user demands and assisting in meeting customer needs generally.
Any information customers choose to make publicly available, such as blog comments and testimonials on Azupay’s website, will be available for others to see. This can continue even if customers remove this information, copies may remain viewable in cached and archived pages on other websites or if others have copied or saved the information.
1.10 Storage and security of personal information
We will use all reasonable means to protect the confidentiality of personal information while in our possession or control. All information we receive from stakeholders is stored and protected on our secure platforms from unauthorised use or access and in accordance with the Australian Privacy Principles.
To enable Azupay to deliver its services, Azupay may transfer information that it collects, including Personal Information, across borders for storage and processing in countries other than Australia. If Personal Information is transferred and processed outside Australia, it will only be transferred to countries that have equivalent privacy protections required by Australian business under Australian privacy laws.
Azupay retains an individual’s personal information for as long as needed to provide its services and to the extent that law dictates to retain after a transaction has occurred and other relevant regulation. This is to ensure that Azupay complies with its legal obligations, can resolve disputes, and respond to legal requests for information, and enforce agreements.
In the event there is a breach of Azupay’s data security and Personal Information is compromised, we will promptly notify affected stakeholders in compliance with the applicable law.
1.11 Sharing personal information with third parties
Azupay does not and will not sell or deal in Personal Information or any customer information.
Personal Information details are only disclosed to third party suppliers or banking and payment service providers when it is required by law, for goods or services which a customer has purchased, for payment processing, confirming bank accounts or to protect our copyright, trademarks, compliance with NPP Scheme rules and other legal rights. To the extent that Azupay may share Personal Information with a service, banking and payments service provider, Azupay would only do so if that party has agreed to comply with Azupay’s privacy standards as described in this privacy policy and in accordance with NPP Scheme rules and applicable law. Azupay’s contracts with third parties prohibit them from using any Personal Information for any purpose other than that for which it was shared.
1.12 Disclosure of personal information.
Azupay may from time to time need to disclose certain information, which may include an individual’s Personal Information, to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, payment investigation and in the course of a legal proceeding or in response to a law enforcement agency request. Also, Azupay may use Personal Information to protect the rights, property or safety of Azupay, its customers or third parties.
Azupay participates in the Confirmation of Payee (CoP) service to enhance payment security and reduce fraud. This involves both receiving information from other banks to verify payments you make and providing information to other banks to verify payments to your account. For payments you make, we may receive the name associated with the recipient’s bank account from their financial institution for you to confirm prior to making a payment to this account. For payments to your account, you consent to us providing your bank account name, BSB, and account number to the payer’s financial institution for verification. Azupay will only share this information for CoP purposes and with your consent or as required by law or a compliance requirement of our participation in the NPP Scheme.
If there is a change of control in one of Azupay’s businesses (whether by merger, sale, transfer of assets or otherwise) customer information, which may include Personal Information, could be transferred to a purchaser under a confidentiality agreement. Azupay would only disclose Personal Information in good faith and where required by any of the above circumstances.
1.13 Children’s Data
Azupay does not knowingly collect or process personal data from children under 16 years of age, however as an account to account payment processing facilitator, metadata related to transactions may contain personally identifiable information such as names and payIDs associated with children under 16 years of age may be processed by Azupay.
1.14 Azupay Privacy Notice – Data Transfers & GDPR Compliance
Azupay is headquartered in Australia. Information we collect about you will be processed in Australia. By using Azupay’s services, you acknowledge that your personal information will be processed in Australia. Australia has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR.
1.14.1 Applicability of GDPR
Azupay does not have a physical presence in the European Economic Area (EEA) or the United Kingdom (UK). However, GDPR may apply when Azupay:
- Offers goods or services to individuals located in the EEA/UK (even if no payment is required).
- Monitors the behaviour of individuals in the EEA/UK, such as tracking for advertising or analytics purposes.
If these conditions do not apply, the GDPR may not govern Azupay’s processing of your data. However, Azupay remains committed to strong data protection practices in line with international privacy standards.
1.14.2 Data Transfers & Safeguards
Azupay applies strict security and privacy safeguards to ensure that your data is handled in compliance with GDPR and Australia’s Privacy Act 1988 (Cth). Where required, data processing agreements (DPAs) and supplemental measures are put in place with third-party vendors handling personal data.
1.14.3 Onward Transfers & Third-Party Processing
Azupay only shares your data with trusted third-party service providers, including cloud providers and account to account transaction processors.
1.14.4 Government Data Access Requests
Azupay will provide data to government and regulatory bodies in line with requirements under Australian privacy law if the requests are deemed to be lawful
1.14.5 Your GDPR Rights (Where Applicable)
If GDPR applies to Azupay’s processing of your personal data, you may have the following rights in the EEA and UK:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure (right to be forgotten)
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making and profiling
To exercise any of these rights, please contact us at [email protected]. If you believe your data has been misused, you also have the right to file a complaint with your national data protection authority or the European Data Protection Supervisor, if applicable., if applicable.
1.15 Change in privacy policy
Azupay ensures its privacy policy remains current however, it is subject to change which may result from changes to its operations or law. Any changes made by Azupay to its privacy policy will remain under the requirements of law.
1.16 Customers can Contact Azupay
Azupay customers can contact Azupay at anytime if they have any complaints, questions or concerns about its privacy policy at compliance@azupay.com.au and Azupay will commit to respond within two business days.
If customers have a privacy-related complaint, please contact us at [email protected]. Or via our web form https://azupay.com.au/contact-us/
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
Mail: Office of the Australian Information Commissioner
GPO Box 5288, Sydney NSW 2001
Telephone: 1300 363 992
Email: Enquiry Form
Online Compliant Form: Privacy Complaint Form
