TENSOPAY

TENSOPAY PRIVACY POLICY

COVID-19 SERVICE

Last updated: 14 November 2020 (v1.0)

The contents of this privacy policy apply specifically and only to the COVID-19 tracing service provided by TensoPay Pty Ltd.

INTRODUCTION AND SUMMARY

Your Personal Information and privacy are of utmost importance to us. TensoPay is committed to protecting your privacy.

In offering the COVID-19 contact tracing service, TensoPay will:

limit the collection of Personal Information as much as practicable;
only use Personal Information collected from the use of our COVID-19 service to administer COVID-19 contact tracing; and
where a User has opted to create an account, use Personal Information only for the purpose of account creation, use and administration.

Specifically, any information collected for the purpose of COVID-19 contact tracing:

will not be sold, rented or otherwise distributed to any third party for any marketing purpose; and
will not be disclosed to anyone (other than yourself through the user dashboard), including any Operator, unless required under law or to fulfil (and only to fulfil) the purpose of COVID-19 contact tracing.

GENERAL

This document (“Privacy Policy”) explains the privacy rules applicable to all Personal Information collected or submitted when you access, install, or use the COVID-19 Contract Tracing Service provided by TensoPay Pty Ltd.

A different Privacy Policy applies depending on the type of user and/or their use of this platform:

For people or businesses providing a check-in portal to their staff or customers (“”) (“”).
For end users using the check-in portal (“”).
- to check-in for COVID-19 Contact Tracing purposes, on a one-off basis (“”); or
- in addition, to sign up for an account with TensoPay (“”).

This Privacy Policy does not limit or exclude any of your rights under any privacy laws.

You may not assign or transfer your rights or obligations under this Privacy Policy to any third party.

DEFINITIONS

“COVID-19 Service” means the software service provided by us for the purposes of COVID-19 contact tracing.

"Personal information" means information which either directly identifies you (like your name, email address, or billing information) or can be reasonably linked or combined to identify you (like an account identification number or IP address).

“Privacy Policy” or “Policy” means the policy set out in this document (including without limitation any amendments, variations, restatements or replacements).

“TensoPay”, “we”, “us”, “our” and any associated or cognate terms means TensoPay Pty Ltd, and includes its authorised employees or agents.

“User” means either an Operator or a Customer, as the context allows, and includes its authorised employees or agents.

“You”, “your” and any associated or cognate term refers to the relevant User or its employees or agents, as appropriate.

All other definitions and capitalized words used in this Privacy Policy are defined here or in our General Terms.

AGREEMENT

By visiting our websites, using our services, accessing, installing and/or using the Services, and submitting your Personal Information to us, you confirm that you have read this Privacy Policy and agree to be bound by this Privacy Policy.

If you disagree with the rules of this Privacy Policy, do not use our Services.

CHECK-IN PRIVACY POLICY

This section of the Privacy Policy (Check-in Privacy Policy) applies specifically to Customers and their Check-in Data.

What data do we collect?

We will collect and keep records of certain Personal Information checking in for the purpose of COVID-19 contact tracing, being:

(a) Your full name;

(b) Your contact phone number;

(d) The check-in date, time and venue for the purposes of COVID-19 contact tracing.

Together, such Personal Information is referred to as “Check-in Data”.

In addition, we will keep records of:

(a) any communication with TensoPay in relation to Check-in Data; and

(b) any use or disclosure of such check-in Data (which must only be made in accordance with this policy).

We will not retain any other Personal Information under the Check-in Privacy Policy, such as IP addresses, software or hardware devices, geolocation, clickstream, or pixel tags (also known as web beacons or clear gifs).

We may collect anonymised data that is not personally identifiable to you (such as the total number of Customers for a location), for statistical or technical purposes, or to improve reliability.

All of our data is encrypted and stored in Australia on AWS servers.

You agree and warrant that all Check-in Data you provide is truthful, accurate and complete.

Who do we collect your Personal Information from?

We may collect Personal Information about you from:

you, when you provide that Personal Information to us, including via our website or the COVID-19 tracing service, through any registration process and through any contact with us (e.g. telephone call, email or through our web portal); or
third parties where you have expressly authorised us to do so, or if the information is publicly available.

Where possible, we will collect Personal Information from you directly.

How can we use any Personal Information collected?

Any Personal Information collected using TensoPay’s check-in service may only be disclosed or used for the purpose of:

contacting you to inform you of any updates to this Privacy Policy, or in connection with any use or disclosure of your Personal Information;
contact tracing for COVID-19 purposes;
complying with a requirement or direction of an authority, if we reasonably believe that we are required to comply with that authority’s requirement or direction;
complying with any law or any of our legal obligations; or
to respond to communications from you.

We will inform you, via the email address provided, of the disclosure or use of any Check-in Data.

We will not use collected Personal Information for any other purpose.

Specifically, in using our service for COVID-19 tracing purposes in Australia, we will not sell, rent or share any Personal Information we have collected for any marketing or other purpose unrelated to COVID-19 contact tracing, unless you have expressly given us your consent to do so.

We will not share any Personal Information about your use of the service with any social media, advertising or analytics providers.

If you sign up to one of our other services, such as for our payment platform, please refer to the privacy policy applicable to that service.

Your Access to Check-in Data

You may at any time access your Check-in Data we have collected, by logging in through our web portal and accessing the user dashboard.

You must have signed up to an account with us in order to access the web portal.

Management and deletion of Personal Information

Pursuant to the COVID-19 contact tracing requirements, Check-in Data is required to be kept for a minimum period of 28 days.

If you have signed up for an account with us, you may view and manage the Check-in Data through the user dashboard on our web portal. You may delete any Check-in Data that is older than 28 days old, and you may also elect to have such data automatically deleted after 28 days.

If you have not signed up for an account with us, we will retain the Check-in Data for the minimum period of 28 days, following which we will automatically delete such Check-in Data.

In the event that contact tracing measures are ended, all Check-in Data will be deleted.

ACCOUNT PRIVACY POLICY

This section of the Privacy Policy (Account Privacy Policy) applies specifically to Customers’ Personal Information in connection with the creation and administration of an account created with TensoPay.

What data do we collect?

We will collect and keep records of certain Personal Information checking in for the purpose of account creation, use and administration, being:

(a) Your full name;

(b) Your contact phone number;

(d) Your access credentials for the purposes of administering login access;

(e) Any communication with TensoPay; and

(f) Any use, disclosure or management of such Personal Information (which must only be made in accordance with this policy).

We will not retain any other Personal Information under the Account Policy, such as IP addresses, software or hardware devices, geolocation, clickstream, or pixel tags (also known as web beacons or clear gifs).

We may collect data that is not personally identifiable to you (such as traffic), for statistical or technical purposes, or to improve reliability.

All of our data is encrypted and stored in Australia on AWS servers.

You agree and warrant that all Personal Information you provide is truthful, accurate and complete.

Who do we collect your Personal Information from?

We may collect Personal Information about you from:

you, when you provide that Personal Information to us, including via our website and the COVID-19 tracing service, through any registration process and through any contact with us (e.g. telephone call, email or through our web portal); or
third parties where you have expressly authorised us to do so, or if the information is publicly available.

Where possible, we will collect Personal Information from you directly.

How can we use any Personal Information collected?

Any Personal Information collected in connection with account creation, use and administration may only be disclosed or used for the purpose of:

contacting you to inform you of any updates to this Privacy Policy, or in connection with the creation, use or deletion of your account;
responding to any communication from you;
complying with a requirement or direction of an authority, if we reasonably believe that we are required to comply with that authority’s requirement or direction; or
complying with any law or any of our legal obligations.

Your account will hold all of your Check-in Data, which you may access and manage at any time.

We will not use collected Personal Information for any other purpose.

Specifically, in creating an account with us for COVID-19 tracing purposes in Australia, we will not sell, rent or share any Personal Information we have collected for COVID-19 contact tracing purposes, for any marketing or other purpose unrelated to COVID-19 contact tracing, unless you have expressly given us your consent to do so.

We will not share any Personal Information about your use of the service with any social media, advertising or analytics providers.

Deletion of Account

You may, through the user dashboard on our web portal, request that your account be deleted.

If there is any Check-in Data that is required to be retained (including if any new Check-in Data is required), we will delete your account but we will continue to retain any Check-in Data for the minimum period required. We will deal with that Personal Information in accordance with the Check-in Privacy Policy.

Account suspension and removal

We reserve the right, at our sole discretion, to suspend or delete at any time and without notice, any User account which we deem inappropriate, offensive or in violation of our terms of service.

The suspension or deletion of User accounts shall not entitle Users to any claims for compensation, damages or reimbursement.

The suspension or deletion of accounts due to causes attributable to the User does not exempt the User from complying with any of its obligations, whether under contract or under law.

OPERATOR PRIVACY POLICY

This section of the Privacy Policy (Operator Privacy Policy) applies specifically to an Operator’s Personal Information relating to the creation and administration of an account created with TensoPay by an Operator to facilitate the Operator complying with its COVID-19 contact tracing obligations, by way of recording the details of customers attending its Premises.

What data do we collect?

We will collect and keep records of certain Personal Information checking in for the purpose of setting up the contact tracing facility and account creation, use and administration, being:

(a) Your business name and details, such as address and telephone number;

(b) Your full name;

(d) Your email address;

(e) Your access credentials for the purposes of administering login access;

(f) Any communication with TensoPay; and

(g) Any use, disclosure or management of such Personal Information (which must only be made in accordance with this policy).

We will not retain any other Personal Information under the Operator Privacy Policy, such as IP addresses, software or hardware devices, geolocation, clickstream, or pixel tags (also known as web beacons or clear gifs).

We may collect data that is not personally identifiable to you (such as traffic), for statistical or technical purposes, or to improve reliability.

All of our data is encrypted and stored in Australia on AWS servers.

You agree and warrant that all Personal Information you provide is truthful, accurate and complete.

Who do we collect your Personal Information from?

We may collect Personal Information about you from:

you, when you provide that Personal Information to us, including via our website and the COVID-19 tracing service, through any registration process and through any contact with us (e.g. telephone call, email or through our web portal)
third parties where you have expressly authorised us to do so, or if the information is publicly available.

If possible, we will collect Personal Information from you directly.

How can we use any Personal Information collected?

Any Personal Information collected in connection with account creation, use and administration may only be disclosed or used for the purpose of:

contacting you to inform you of any updates to this Privacy Policy, or in connection with the creation, use or deletion of your account;
responding to any communication from you;
complying with a requirement or direction of an authority, if we reasonably believe that we are required to comply with that authority’s requirement or direction; or
complying with any law or any of our legal obligations.

We will not use collected Personal Information for any other purpose.

We will not share any Personal Information about your use of the service with any social media, advertising or analytics providers.

Pursuant to our privacy commitment to Customers, we are not permitted to disclose to you Customers’ Personal Information. We may only provide Customers’ Personal Information to the appropriate contact tracing authority only as required.

We may, if considered appropriate and provided it does not compromise the intent of the Privacy Policy so far as it relates to Customers, disclose anonymised aggregate data (which will not contain any personally identifiable information).

Deletion of Account

You may, through the user dashboard on our web portal, request that your account be deleted. However, you will no longer be able to utilise our Service for COVID-19 contact tracing purposes.

If there is any Check-in Data that is required to be retained (including if any new data is required), we will delete your account but we will continue to retain any Check-in Data for the minimum period required. We will deal with that Personal Information in accordance with the Check-in Privacy Policy.

Account suspension and removal

We reserve the right, at our sole discretion, to suspend or delete at any time and without notice, any User account which we deem inappropriate, offensive or in violation of our terms of service.

The suspension or deletion of User accounts shall not entitle Users to any claims for compensation, damages or reimbursement.

The suspension or deletion of accounts due to causes attributable to the User does not exempt the User from complying with any of its obligations, whether under contract or under law.

USE OF COOKIES

A cookie is a small file placed on your computer or device by our server. We do not operate our own server and our web site is hosted externally, so we may not have control on the cookies that are placed on your computer. You can elect to configure your settings in your internet browser or device to control how and whether cookies are used. However, doing so may hinder your use of our service. Most devices are set to accept cookies by default.

To the extent within TensoPay’s own control, TensoPay will only use cookies to:

customise the website for you;
record statistics;
satisfy security protocols; or
authenticate or identify whether you are registered or logged in, without requiring you to re-enter details each time you log on to our web site.

In the event that contact tracing measures are ended in the country or territory in which you have completed a check in, all contact-tracing Personal Information will be deleted.

HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented technical and organizational measures intended to maximise the security of any Personal Information and data that we hold and that is within our control. However, no company can guarantee the absolute security of internet communications. By using our Services, you expressly acknowledge that we cannot guarantee the security of any data provided to or received by us through the Services and that any information received from you through the website or our Services is provided at your own responsibility. We will use best endeavours to protect your Personal Information to the extent, but you should only access the services within a secure environment.

Users are responsible for keeping their login credentials confidential and safe. For this reason, although we issue a randomised password upon account creation, Users are also required to choose passwords that meet the standards of strength required by our Service.

By registering, Users agree to be fully responsible for all activities that occur under their username and password.

Users are required to immediately advise TensoPay if there is a risk that their Personal Information, including but not limited to accounts, access credentials or personal data, has been violated, unduly disclosed or stolen.

WHAT ARE YOUR OTHER PRIVACY RIGHTS?

You are entitled to:

(a) request access and obtain a copy of your Personal Information;

(b) request rectification or erasure;

(d) if applicable, a right of data portability; and

(e) object to the processing of your Personal Information.

To make such a request, please contact us on the details provided below. We will duly consider and act upon any request in accordance with applicable laws.

If we are relying on your authority or consent to process your Personal Information, you may withdraw your authority or consent at any time. Such withdrawal will not affect the lawfulness of the processing before its withdrawal.

AUSTRALIAN PRIVACY PRINCIPLES (APP) AND THE PRIVACY ACT 1988

TensoPay COVID-19 Service is fully compliant with Australian Privacy Principles (APP) and the Privacy Act 1988. See link for more information: https://www.oaic.gov.au/privacy/australian-privacy-principles/

OAIC GUIDANCE FOR CONTACT TRACING PROVIDERS

TensoPay COVID-19 Service is fully compliant with the Office of The Australian Information Commissioner's (OAIC) guidance for digital checkin providers collecting Personal Information for contact tracing. See link for more information: https://www.oaic.gov.au/engage-with-us/consultations/guidance-for-digital-check-in-providers-collecting-personal-information-for-contact-tracing/

LINKS TO EXTERNAL WEBSITES

Our website may include links to other websites whose privacy practices may be different from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

UPDATES TO PRIVACY POLICY

We may update or modify this Privacy Policy at any time, at our sole discretion, for any or no reason, and without liability, but we will give you 14 days’ notice. Unless stated otherwise, the change will apply from the expiry of the 14-day notice period.

The date of the most current wording of the Privacy Policy is indicated at the top of the text. All Users must ensure that they are familiar with the most current wording of the Privacy Policy. The amendment of the Privacy Policy may be communicated to you by sending an email and/or by publishing the updated Privacy Policy on this website.

CONTACT

If you wish to contact us in relation to this Privacy Policy, please send an email to privacy@tensopay.com.