Onecard Group Pty Ltd Visitor, Client, and Platform Privacy and Data Protection Policy

Welcome to Onecard Group Pty Ltd. Protecting your privacy is important to us. This Privacy Policy explains how we handle personal information for visitors to our website and for clients using our platform to manage employee records. If you have any questions, please reach out to us at support@onecardgroup.com.

1. About This Policy This policy applies to:
• Website Visitors: People who visit or interact with our website.
• Clients (Platform Users): Businesses or organisations that subscribe to our platform to manage employee data. Note: We do not control the data clients enter or permissions they have with their employees. Clients are responsible for the data they upload and any permissions required to use employee information on the platform.

2. Information We Collect
• Website Visitor Data: When you visit our website, we may collect information such as your name, email address, or other contact details if you sign up for newsletters, contact us, or fill out forms. We may also gather data about your interaction with our site through cookies and analytics.
• Client Data: When you subscribe to use our platform, we collect account information, such as your name, company name, contact information, and billing details. We use this information to create and manage your account.

3. Client Operational Data Our clients enter operational data, such as employee records, to use our platform. We do not control this data and act only as a processor. Our clients are the data owners and control the information they upload, including any permissions or consents needed from employees.

4. How We Use Your Information
• Website Visitor Data: This information is used to respond to inquiries, improve our website, and provide relevant content. If you subscribe to our newsletter, we may send updates, which you can unsubscribe from at any time.
• Client Account Data: Used to manage your account, provide services, and process payments. • Client Operational Data: Processed solely to deliver services. We do not use, share, or access this data for our own purposes unless required for specific support requests with client permission.

5. Data Security We take data security seriously and use industry-standard measures to protect your information. This includes:
• Encryption: Data is encrypted both in transit and at rest.
• Two-Factor Authentication (2FA): Required for all logins to ensure secure access.
• Access Control: Only authorised team members can access specific data, and only when needed to provide support or maintain the platform.
• Regular Security Audits: Conducted to prevent unauthorised access and maintain the highest standards of protection.
• No Shared Login Credentials: User login details, including usernames and passwords, must remain confidential. Sharing credentials between users is strictly prohibited to ensure accountability and data security.

6. Your Control Over Your Data
• For Clients: As a client, you have full control over the data you upload to the platform. You can view, update, export, or delete data at any time. Please contact us if you need help managing your data.
• For Employees of Clients: If your employer uses our platform and you have questions about your data, please contact them directly. We process your information under their instructions and do not control it.

7. International Data Transfers Since we serve clients globally, your data may be stored or processed in countries other than your own. We comply with international data protection regulations, including and other regional frameworks.
• Standard Contractual Clauses (SCCs): For cross-border transfers, we use SCCs or other approved mechanisms to ensure adequate data protection.
• Data Residency Options: Clients in regulated industries can request data to be stored within specific jurisdictions.

8. Third-Party Services We use trusted third-party services to deliver our platform and manage payments. These providers follow strict privacy and security standards and only process your information as directed by us. Before engaging a third-party service provider outside your jurisdiction, we ensure they adhere to the privacy laws applicable to your region.

9. Cookies and Tracking We use cookies to improve your experience on our website. Cookies help us understand site usage and personalise content. You can manage cookies through your browser settings. Note that disabling cookies may affect website functionality.

10. Data Breach Notification In the event of a data breach:
• We will notify affected clients promptly, in compliance with applicable legal requirements.
• For global clients, breach notifications will comply with specific regional requirements, such as GDPR’s 72-hour rule or similar timelines outlined in local legislation.
• Details about the breach and steps to mitigate risks will be provided transparently.

11. Your Rights Depending on where you live, you may have rights regarding your personal data, such as:
• The right to access, correct, or delete your data. • Additional rights under GDPR, CCPA, or other laws, such as the right to data portability, the right to restrict processing, and the right to lodge complaints with local data protection authorities.

12. Changes to This Policy We may update this Privacy Policy periodically to reflect changes in our services or legal requirements. If significant changes are made, we’ll notify clients through the platform or by email.

13. Contact Us If you have questions or concerns about this policy, please contact us at support@onecardgroup.com.