Welcome to Employment Hero! We value the trust you place in us when providing us with your Personal Information, and we aim to protect your information to the highest of standards as we provide our products and services to you.
At Employment Hero, we are committed to safeguarding the privacy of our customers and end-users (“you” or “your”) who visit our websites, use or request our Services (including any financial services products and any other apps or services we may offer), or engage with us in any way including participating in any of our events or promotions.
- Swag app
- Employment Hero HR and Payroll Platform (Employment Hero Platform)
- Applicant Tracking System (ATS) (also known as the Career Pillar in the Swag app)
- Global Teams employer of record services
- Hero Passport
(together, known as the “Services”)
4: Who are we?
In this policy, “Employment Hero”, “we”, “us” or “our” means Employment Hero Pty Ltd. If you want to know more about who we are, please see our list of Employment Hero affiliates here.
5: What is Personal Information?
The term “Personal Information” means any information, opinion, or data that we collect about an individual where that individual is identified or where that individual is reasonably identifiable. It also includes “personal data”, or similar terms as defined in any applicable privacy or data protection laws.
“Personal Information” is information or opinions about you which:
- can be used to identify, contact, or locate you; or
- can be combined with other information that is linked to you.
If you can’t be identified (for example, when Personal Information has been aggregated and anonymised) then this notice doesn’t apply.
A subset of Personal Information is “Sensitive Information”. Sensitive information includes information or an opinion about a person’s race, gender diversity, sexual orientation, disability, ethnic origin, political opinions, membership of a political association, membership of a professional or trade association, heath, religious or philosophical beliefs, and criminal history.
6: What Personal Information do we collect?
The types of Personal Information we may collect, and hold will vary depending on your dealings with us through your use of our Services.
We may collect, use, or disclose Sensitive Information with your consent when providing our Services to you. We may also process your ‘Sensitive Information’ held in the documents uploaded to our platforms or apps by or on behalf of you.
a) Personal Information we collect when you use our Services
We may collect Personal Information from you as a customer or end-user of our Services. Personal Information we collect when you use these Services may include, but is not limited to, the following:
- individual information including name, date of birth, age, gender, sex, marital status, and profile photo;
- business information including company or business name, and other information regarding your business and/or employees that can be used to identify an individual;
- contact information including residential and/or postal address, email address, telephone number, and social media handles;
- current and past employment related information including occupation or job title, information relating to your current employer, information relating to your former employer and role, key dates relating to your current role and/or past roles, superannuation information, salary and/or pension details including documents such as payslips and payment summaries, timesheets, performance reviews and workplace engagement information, citizenship and visa status for work eligibility purposes, emergency contact information, and tax information;
- recruitment related information including job vacancy details, profile photo, company details relevant to the job posting such as work location and contact emails, and the name and contact details of any personnel involved in the recruitment process;
- billing information including payment details such as banking, or debit/credit card details; and
- sensitive information including health or disability information, biometric information, immigration information, criminal history and background checks, and any diversity related information such as racial and/or ethnic origin.
b) Personal Information we may collect when providing additional products and services through our Services may further include, without limitation:
- group certificates, payslips, and other income or earnings information;
- proof of identity documentation, such as passports, drivers licence, Medicare number and birth certificates;
- financial information, including but not limited to, home loans, credit cards, vehicle loans and personal loans;
- utility bills including internet services;
- health and life insurance policy statements;
- information relevant to your lifestyle options including but not limited to, health and fitness information, entertainment services and mobile services;
- information relevant to your financial needs and objectives;
- information relevant to your assets and liabilities, income, and expenses; and
- information relevant to your investment preferences and attitude or tolerance to risk.
c) Personal Information we collect from your other interactions with us
We collect Personal Information when you interact with us, such as when you use our websites, communicate with us via email, telephone, social media or chatbots, make enquiries regarding demos, attend or participate in our events, or when we collect feedback from you on the Services we provide. The Personal Information we may collect in these circumstances include your name, business name, address, email, phone number, company/employer, job function, team size, date, time, reason for contacting us, survey and research responses, social media information, and call recordings.
d) Personal Information we collect from you automatically
We automatically collect usage information when you browse our websites or use our Services to improve our Services and enhance your user experience. This information includes digital interactions data, i.e., how you use our digital properties (including our websites, third-party websites, social media sites, apps and electronic communications), metadata (collected on an anonymous basis), consumer analytic data (collected on an anonymous basis but which can be attributed to you based on other information we have about you), log file information, information about the type of device and operating system used by you, location information, computer IP addresses, and marketing and cookie preferences, including any consent you have given us.
e) Personal Information we collect from you about third parties
7: How is your Personal Information collected?
We only collect the Personal Information that you give us when you use our Services, and through your other interactions with us. We may also collect your Personal Information from third parties where it is necessary for the purposes of providing our Services to you.
a) Collection of Personal Information directly from you
We collect Personal Information directly from you:
- when you use our Services, and/or interact with our websites, platforms, and apps, such as when you input your details or upload documents into your account through use of the Employment Hero Platform or Swag app;
- by dealing with you in person or over the phone, for example when asking for contact details from you so you can sign up to a free trial, or request support;
- virtually through electronic communications including emails, SMS, or video conference, or through our, platforms, apps, social media platforms, and websites, including through the use of sign-up features and chatbots; and
- when you fill out and submit registration forms, and customer feedback or survey forms.
b) Collection of Personal Information from third parties
We may collect Personal Information about you from third parties in the process of providing our Services to you in the following ways:
- if you are an individual employed through our Global Teams employer of record services, we may collect Personal Information from the party that has engaged us as a Global Teams employer of record services customer;
- if you have subscribed to our ATS services, we may collect Personal Information about you from the job poster or the job applicant (depending on which role you represent), through third-party job application platforms which are integrated with the ATS service, or through in-app communications; and
- we may receive Personal Information about you from your superannuation fund when verifying your membership with them and providing our Superannuation services to you.
We may also collect your Personal Information from third parties where you have provided consent, or where such Personal Information is provided under a legal basis. This includes, but is not limited to, circumstances where an employer provides information about employees through our platforms or apps. This also includes where Personal Information is collected through third-party APIs, or by third party service providers including social media sites who are permitted to disclose that information to us to support our delivery of Services or direct marketing activities.
We may also collect Personal Information about you through our Related Bodies Corporate or affiliates.
If someone has entered your Personal Information onto our platforms or apps on your behalf, you’ll need to contact that user for any questions you have about your Personal Information (including when you want to access, correct, or amend, the information, or request that the user delete your Personal Information).
8: How we use your Personal Information
a) How your Personal Information is used in the general provision of our Services
The primary purpose for which we collect Personal Information about you is to enable us to perform our business activities and provide our Services to you. We collect, hold, use, and disclose your Personal Information for the following purposes:
- to provide our Services to you, including the Employment Hero Platform, Swag app, ATS services, Global Teams employer of record services, and Hero Passport;
- to manage and enhance our Services, to personalise and customise your experience with our Services, and to provide you with any necessary support to receive our Services;
- to provide you with information about our existing and new products and services (including for direct marketing purposes as described below);
- to verify your identity and enable us to monitor suspicious or fraudulent activity;
- to investigate any complaints made by you, or made about you;
- to investigate any suspected breach of any of our terms and conditions or unlawful activity engaged in by you;
- for any other purpose we reveal to you at the time of collection; and
- to meet our obligations and exercise our rights under applicable laws.
We may use Personal Information for the purpose of allowing third parties to provide additional products and services to you where you made such a request or have given us consent to do so.
If you do not provide us with the Personal Information described in this policy:
- we may not be able to provide you with information about our Services that you requested;
- we may not be able to provide you with a subscription and access to our Services that you requested; and
- we may not be unable to tailor the content of our Services to your preferences and your experience of our Services may not meet your desired needs.
b) How your Personal Information is used in providing Superannuation services
Where we have a relationship with your superannuation fund, we make the services of superannuation funds accessible to you through the Employment Hero Platform and the Swag app (Superannuation services). We make no representations or warranties in relation to the privacy practices of any superannuation fund. Superannuation fund websites are responsible for informing you about their own privacy practices and policies. Our Superannuation services will include providing you with a link to connect with, and access, the services of your superannuation fund.
Where you have subscribed to our Superannuation services, we may collect, hold, use, and disclose your Personal Information to allow our partner superannuation funds to check your membership with them. If your membership with a partner superannuation fund is verified, then we will only continue to use your Personal Information to provide you with access to the services of your chosen superannuation fund and provide other related products and services to you.
You can opt out of receiving access to these Superannuation services at any time by unsubscribing from the service through the Employment Hero Platform or the Swag app.
9: How can we share your Personal Information
a) Sharing of Personal Information when providing our Services
- our employees, Related Bodies Corporate (see list of affiliates page), contractors for the purposes of the delivery and operation of our Services, and fulfilling requests by you;
- our Related Bodies Corporate for the purposes of the delivery of their services to you where you have subscribed to their services, or where they integrate with us to provide our Services;
- our existing or potential agents, business partners, contractors, event partners, joint venture entities or partners to enable us to perform our business activities and provide our products and services to you;
- relevant authorities and institutions including the tax authorities, payroll providers, banks, financial institutions and superannuation providers in connection with the provision of our Services or if required by law;
- relevant third parties in connection with or contemplation of (including as part of due diligence process) any merger, acquisition, reorganisation, financing, sale of assets or insolvency event involving us or our affiliates;
- your employer, if you use our Services in connection with your employment;
- third parties by sharing aggregated data or data that has been stripped of personally identifying characteristics; and
- the police, any relevant authority or enforcement body, or your internet service provider or network administrator if required by law or we consider it necessary for the protection of our systems or for the prevention or detection of illegal activity.
b) Sharing of Personal Information specific to our Applicant Tracking System (ATS) (or the Career pillar on the Swag app)
To provide our ATS services, we facilitate the connection between job posters and job applicants to assist in the recruitment process and help businesses attract talent. In providing this service, we share your Personal Information with job posters where you are an applicant under this service, or to applicants where you are a job poster under this service.
c) Sharing of Personal Information specific to our Global Teams employer of record services
To provide our Global Teams employer of record services, we act as the employer of record for employees who offer their skills and services to our customers. To provide this service and facilitate the relationship between our customer and the employee, we may share Personal Information of each party with the other. This means that if you are a customer under this service, we may share your Personal Information with the employee, and if you are an employee under this service, we may share your Personal Information with the customer.
d) Sharing your Personal Information with third parties
We may disclose your Personal Information to specific third-party service providers who facilitate the delivery of our Services and operation of our business activities. We disclose your Personal Information to such third parties as doing so may be necessary to adequately provide our Services to you, or to assist us in analysing how our Services are used and ensure they are provided to you at the highest quality. These third parties are given access to your Personal Information only to perform these tasks on our behalf or for our benefit and are required not to disclose or use it for any other purpose.
We share your Personal Information with our payments partner, Hay Ltd (Hay), so that you can apply for non-cash payment products that they issue. If we, or Hay, share your information with third party organisations (including those based in the US and UK) for the purpose of providing risk assessments and transaction monitoring (PEP and sanctions checking), it will only be related to the provision of the product provided by us via the Swag app that contains the spend account and Swag debit card (Swag Spend). We also share your Personal Information with third parties to verify your identity for the purposes of providing you with Swag Spend.
e) Sharing of Personal Information with Superannuation funds (when providing our Superannuation services)
We provide Personal Information and Sensitive Information to Employment Hero Financial Services Pty Ltd to provide users of our Employment Hero Platform and Swag app with the ability to choose, retain or engage with superannuation funds.
If you have subscribed to our Superannuation services, we may provide your Personal Information to our partner superannuation funds to check your membership with them (provided that you have given us consent to disclose your Personal Information to the superannuation funds). Upon your verification as a member of a superannuation fund, we will continue sharing your Personal Information with your chosen superannuation fund (including changes to your personal details, employment changes, life event information and other matters) only in connection with providing you access to their services.
10: Overseas disclosure of Personal Information
We may disclose your Personal Information to recipients located outside Australia, including our affiliates located in New Zealand, Singapore, United Kingdom, Malaysia, the Philippines, and Vietnam, and third-party service providers located globally, where it is deemed reasonably necessary for us to make such disclosure. When we disclose Personal Information to overseas parties, we will ensure that the overseas recipient complies with the APP guidelines when dealing with the Personal Information, and we put safeguards in place to ensure your Personal Information remains protected.
When we disclose Personal Information overseas, we take measures to ensure your information is treated in accordance with at least the standards that apply in the country whose privacy or data protection laws apply to that Personal Information (other than when compelled to make disclosure under local laws).
11: Do we use your Personal Information for Direct Marketing?
We may use Personal Information for direct marketing reasons by providing you news or information about our Services that you either request from us, or we believe may interest you. These communications may be sent in various forms, including mail, social media, SMS, or email.
Where you have subscribed to our Superannuation services, we may use your Personal information to directly market the products and services of your superannuation fund which we believe may be of interest to you.
You can opt out of receiving our direct marketing communications at any time by using any of our unsubscribe or opt-out mechanisms provided within our method of communication to you, or by contacting email@example.com.
We may still send you important notices relating to your account, operational activities, and technical updates when providing our Services even after you have opted out of receiving marketing communications.
12: Storage & Security of Personal Information
Personal information held by us will be stored and managed by our third-party suppliers who store data on secure data centres. Further details on our third-party storage provider’s location and security can be found here.
While we take all reasonable steps to ensure the security of our system, we cannot provide any guarantee regarding security of the Personal Information and other data transmitted to the Services and we will not be held responsible for events arising from unauthorised access of your Personal Information.
You can also play an important role in keeping your Personal Information secure, by maintaining the confidentiality of any password and accounts used on the Services. Please notify us immediately if there is any unauthorised use of your account by any other internet user, or any other breach of security relating to your account via email at firstname.lastname@example.org.
13: GDPR Compliance
14: Cookies and statistical analysis
- server address;
- domain name;
- date and time of visit;
- previous websites visited; and
- browser type.
15: Third-Party Links
The Services may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website. Third-party websites are responsible for informing you about their own privacy practices and policies.
16: Google API policies
Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
17: Access to, and correction or deletion of your Personal Information
We will endeavour at all times to maintain an accurate record of your Personal information. To assist us in keeping our records up to date, you should ensure all Personal Information provided to us is accurate and up to date, and to notify us of changes where appropriate.
You have the right to access the Personal Information which we hold about you and for corrections to be made to this information. If you wish to verify or correct any of the details you have submitted to us, you may do so by contacting us via email at email@example.com. There are some circumstances in which we are not required to give you access to your Personal Information.
Contact us via email at firstname.lastname@example.org to request deletion of your user account and/or data. As soon as practicable after your request, we will take reasonable steps to delete your information from our systems and will provide your request to any relevant sub-processors. These steps will not include deleting any information stored in our system backups.
If you are an employee whose Personal Information has been uploaded to our platforms or apps by your employer, you may need to ask your employer to delete the Personal Information on your behalf. Your employer will then request us to delete it from our systems.
Our security procedures mean that we may request proof of identity before we reveal Personal Information. This proof of identity will take the form of your e-mail address and password submitted upon registration. You must therefore keep this information safe as you will be responsible for any action which we take in response to a request from someone using your email and password.
The length of time we keep your Personal Information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your Personal Information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policy and practices. Following that period, we’ll make sure it’s deleted or anonymised.
19: Enforcement and complaints
We will aim to ensure that all questions and concerns are resolved in a timely and appropriate manner. If you are not satisfied with the outcome of your complaint, or require further information on privacy, you are entitled to contact your local data protection supervisory authority.
The supervisory authority that applies to customers and users in different countries in which we operate are set out below.
|Australia||Office of the Australian Information Commissioner||oaic.gov.au|
|New Zealand||Office of the Privacy Commissioner||privacy.org.nz/your-rights/making-a-complaint/|
|Singapore||Personal Data Protection Commission||pdpc.gov.sg|
|Philippines||National Privacy Commission||privacy.gov.ph/complaints-main.|
|Malaysia||Personal Data Protection Department||Email: email@example.com or complaints portal: daftar.pdp.gov.my/|
|Vietnam||Ministry of Information and Communications||https://english.mic.gov.vn/Pages/home.aspx|
20: Contact us
For European Union or UK data protection purposes, our representative is Bird & Bird GDPR Representative Services Ireland who can be contacted by email at firstname.lastname@example.org.