Privacy Policy
1. Introduction
This Privacy Policy is issued by BIZPAYE BARTER EXCHANGE PTY LTD (ABN 33 678 792 188 (“Master Licensee”).
In Australia, personal information relating to Members is collected and administered by BIZSPOT CREDITS PTY LTD Trading As BIZPAYE AUSTRALIA (ABN 29 666 791 199) (“Sub-Licensee”) (“we”, “us”, “our”).
The Sub-Licensee determines the purposes and means of processing personal information in connection with the Australian Exchange and is the data controller for the purposes of the Privacy Act 1988 (Cth).
The Master Licensee may receive limited personal information in its capacity as:
· licensor of the Exchange framework; and/or
· trustee of the Debt Reserve Fund.
The Master Licensee does not operate the Exchange in Australia and does not determine day-to-day data handling practices of the Sub-Licensee.
This Privacy Policy sets out how we collect, hold, use and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Policy applies to personal information collected in connection with our business operations and participation through Platform of the Exchange.
The Platform operates under a master licence arrangement. We are the independent operator of the Platform in Australia and are solely responsible for compliance with applicable Australian laws, including the Privacy Act 1988 (Cth).
The licensor of the underlying software and intellectual property does not operate the Australian business, does not contract with members directly, and is not responsible for our compliance with privacy, consumer protection, regulatory or data protection obligations.
However, in limited circumstances described below, personal information may be disclosed to the licensor for governance, audit, security, or continuity purposes.
2. Governance and Audit Access
Under our master licence agreement, the licensor and licensee may have limited rights to audit system usage, compliance controls, security measures and technical integrity of the Platform. Such access is restricted to what is reasonably necessary and is subject to confidentiality obligations.
Any disclosure for audit purposes is limited to information reasonably required to verify compliance or protect the integrity of the Platform.
Such disclosure forms part of the primary purpose for which personal information is collected, being the operation, security, governance and integrity of the Platform, and is reasonably necessary for our functions and activities.
For the purposes of Australian privacy law, we determine the purposes and means of processing personal information in connection with the Australian Platform and are the data controller of such information. The Master licensor and licensee process personal information only in limited circumstances described in this Policy and does not independently determine the purposes of processing in Australia.
The “Exchange” refers to the barter clearing system, Trade Credit ledger, and transaction administration framework.
The “Platform” refers to the software, websites, applications and interfaces used to access the Exchange.
Personal information may be processed in connection with both the Exchange and the Platform.
3. What is Personal Information?
“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not.
Where sensitive information is collected, it will be collected only where reasonably necessary for our functions or activities, with consent where required, and handled in accordance with the Australian Privacy Principles.
Where lawful and practicable, individuals may interact with us anonymously or using a pseudonym.
However, due to the nature of operating a regulated barter and trade exchange network, including identity verification, fraud prevention, and compliance obligations, it will generally not be practicable for individuals to transact or maintain an account anonymously.
4. The Types of Personal Information We Collect
We may collect personal information including:
· Identity information (name, date of birth, identification details where required)
· Contact details (email address, phone number, business address)
· Employment or role information (position, employer, authorisations)
· Business registration information (e.g. ABN, ACN, director details where applicable)
· Account credentials and access logs
· Transaction and account history
· Compliance information (e.g. KYC/AML verification information where applicable)
· Communications and correspondence
· Technical and usage data, including IP address, device type, operating system version, browser type, access timestamps, configuration data, diagnostic data collected in the event of system errors, and security or access logs.
· When you access the Platform, our servers automatically record information (“Log Data”) including IP address, browser type, pages accessed, date and time of access, referring URLs and diagnostic data. Log Data is used for system security, troubleshooting, analytics and fraud detection.
Where identity verification or compliance checks are required, failure to provide requested information may result in delayed onboarding, restricted account functionality, suspension or refusal of access to the Platform.
We also maintain system integrity logs, administrative access logs, security event logs and audit records as part of our contractual governance obligations under the master licence agreement. These logs may include user identifiers, access timestamps, IP addresses and account activity records.
In limited circumstances, including the Exchange ledger and Trade Credit clearing system regulatory events, insolvency, material breach, termination of licence rights, or where reasonably required to ensure operational continuity of the Platform, the Master licensee may temporarily assume certain operational functions of the Platform in accordance with the master licence agreement.
In such circumstances, personal information may be disclosed to the Master licensee strictly to the extent reasonably necessary for:
• maintaining system continuity
• protecting member accounts
• ensuring regulatory compliance
• securing and preserving system data
• facilitating orderly transition or wind-down
Such disclosure will be subject to confidentiality and security safeguards.
Unless otherwise required by law, we remain responsible for compliance with the Australian Privacy Principles in relation to personal information.
5. How We Collect Personal Information
We collect personal information:
· Directly from individuals;
· From authorised representatives or employers;
· Through onboarding processes and account registration;
· Through use of the Platform;
· From public registers and government databases;
· From service providers (including identity verification providers);
· From regulatory or compliance databases where required.
If we collect personal information from a third party, we take reasonable steps to ensure the individual would reasonably expect the collection or has otherwise consented.
We may use your personal information to verify reviews, ratings or feedback submitted through the Platform. This may include contacting you via phone, email or other electronic communication methods to confirm that a service was provided and to validate the authenticity of a review or rating.
We may use personal information to check, validate and moderate reviews and ratings. If a review or rating cannot be verified, is misleading, unlawful or otherwise breaches our Terms and Conditions, we may remove that content.
We use cookies, pixels and similar technologies to collect technical and usage data when you access our website or Platform.
These technologies help us to:
· recognise returning users;
· maintain session security;
· analyse usage patterns;
· improve functionality and performance; and
· deliver relevant content and communications.
You may control cookies through your browser settings. However, disabling cookies may affect the functionality of the Platform.
We may use third-party analytics and marketing tools to better understand how users interact with our website and Platform, improve functionality, measure the effectiveness of communications, and deliver relevant content.
These tools may include:
· Web analytics services (such as Google Analytics or similar providers);
· Marketing and advertising platforms;
· Email campaign management tools;
· Customer relationship management (CRM) systems;
· Social media advertising and remarketing services.
These providers may use cookies, pixels, tags or similar technologies to collect information such as:
· IP address;
· device identifiers;
· browser type and version;
· pages visited;
· time spent on pages;
· referring website addresses;
· interaction with advertisements or communications.
Information collected through these technologies may be transmitted to and stored on servers located outside Australia, including in the United States, Singapore, or the European Union.
Where third-party providers process personal information on our behalf, we take reasonable steps to ensure appropriate contractual and security safeguards are in place.
You can manage your cookie preferences through your browser settings. In some cases, you may also opt out of certain analytics tracking through the relevant provider’s opt-out tools (for example, Google Analytics opt-out browser add-on).
Our website or Platform may also contain social media features, such as buttons or plugins from platforms such as LinkedIn, Facebook, Instagram or similar services. These features may collect information about your interaction with our website and are governed by the privacy policies of the relevant social media provider
At or before the time of collection, or as soon as practicable afterwards, we take reasonable steps to notify individuals of the matters required under the Australian Privacy Principles, including the purposes of collection, consequences of non-provision, and any overseas disclosures.
6. Why We Collect Personal Information
We collect and use personal information for purposes including:
· Identity verification and onboarding;
· Providing access to and operating the Platform;
· Facilitating transactions;
· Account administration and billing;
· Compliance with legal and regulatory obligations;
· Risk management and fraud prevention;
· Security monitoring and incident response;
· Dispute resolution and enforcement of rights;
· Improving our services;
· Sending operational and administrative communications;
· Marketing communications (where permitted by law).
We collect, use and disclose personal information only where reasonably necessary for our functions and activities, or where required or authorised by law.
In particular, we rely on one or more of the following grounds:
· performance of a contract or taking steps prior to entering into a contract;
· compliance with legal and regulatory obligations (including anti-money laundering and counter-terrorism financing requirements, where applicable);
· where reasonably necessary for our functions and activities as permitted under the Privacy Act including fraud prevention, platform security and service improvement; and
· your consent, where required.
We will not use or disclose personal information for a purpose other than the primary purpose of collection unless permitted under the Privacy Act.
We may use automated systems, algorithms or risk assessment tools to monitor transactions, detect suspicious activity, assess compliance risks, prevent fraud, or protect the integrity of the Platform.
These systems may influence account status, transaction monitoring, or security reviews. Significant decisions are subject to human oversight where appropriate.
Members acknowledge that privacy compliance in Australia is the responsibility of the Sub-Licensee.
Any complaint regarding handling of personal information should be directed to the Sub-Licensee in the first instance.
7. Disclosure of Personal Information
We may disclose personal information to:
· Related entities;
· IT service providers, cloud hosting providers and cybersecurity providers;
· Professional advisers (lawyers, accountants, auditors);
· Payment providers and financial institutions;
· Compliance and identity verification service providers;
· Regulators, courts or government agencies where required by law;
· Debt recovery or enforcement providers where necessary.
· Other users of the Platform, where reasonably necessary to verify that a service was provided or a transaction occurred (for example, sharing limited contact information for review validation purposes).
· The Australian Taxation Office (ATO), AUSTRAC, or other taxation or enforcement authorities where required by law or reasonably necessary for compliance purposes.
As part of operating a barter and trade exchange network, certain business profile information may be visible to other authorised members through member directories, trading listings, or transaction interfaces.
This may include:
• Business name
• Trading name
• Business contact details
• Business description and categories
• Trading status
• Reviews and ratings
• Transaction confirmations
This visibility is a core feature of operating a trade exchange network and is reasonably necessary to facilitate transactions, verify trading history, maintain trust, and resolve disputes.
Members are responsible for ensuring that information they choose to publish through their business profile is accurate and appropriate.
We take reasonable steps to ensure that such disclosures are limited to what is necessary for the functioning and integrity of the Platform.
Where we integrate or link to third-party services, those providers may collect personal information in accordance with their own privacy policies. We do not control and are not responsible for the privacy practices of third-party services, and we encourage you to review their privacy policies before using those services.
The Exchange may migrate, replace or upgrade the Platform technology provider. Members consent to transfer of account data for continuity of service subject to privacy safeguards.
We require service providers who process personal information on our behalf to enter into confidentiality and data protection agreements and to implement reasonable security safeguards
8. Overseas Disclosure of Personal Information
Some of our service providers may be located overseas. As a result, personal information may be disclosed to recipients outside Australia.
Where we disclose personal information overseas, we take reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to the information, unless an exception under the Privacy Act applies.
The countries in which recipients are likely to be located include the United States, Singapore, and member states of the European Union. It is not practicable to specify all countries in which our service providers may operate from time to time.
Overseas disclosures may include cloud storage providers located in jurisdictions such as the United States, Singapore, the European Union and other countries in which our technology providers operate.
We implement contractual safeguards and due diligence processes to protect personal information transferred overseas.
Where you expressly consent to the disclosure of your personal information to an overseas recipient after being informed that APP 8.1 may not apply, we may not be required to take reasonable steps to ensure that the overseas recipient complies with the Australian Privacy Principles.
Personal information may also be disclosed to the Platform Master licensee or related entities located in other jurisdictions in which the licensee operates, where reasonably necessary for governance, audit, security, regulatory or continuity purposes.
Unless an exception under the Privacy Act applies, we remain accountable under the Australian Privacy Principles for personal information disclosed to overseas recipients.
Overseas recipients may be subject to laws that differ from Australian privacy laws and individuals may not have the same rights or remedies in relation to overseas recipients.
9. Data Security
We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.
These measures include:
· Access controls and authentication procedures;
· Encryption and secure storage systems;
· Network security monitoring;
· Staff confidentiality obligations;
· Internal data protection policies.
We also require our personnel and contractors to maintain confidentiality.
While we take reasonable steps to protect personal information using commercially acceptable security measures, no method of transmission over the internet or electronic storage is completely secure. Accordingly, we cannot guarantee the absolute security of personal information.
In the event of an eligible data breach under the Notifiable Data Breaches scheme, we will comply with our notification obligations under Part IIIC of the Privacy Act 1988 (Cth).
To the extent permitted by law, we are not liable for indirect or consequential losses arising from unauthorised access caused by criminal third-party cyber activity despite reasonable security safeguards.
10. Data Retention
We retain personal information only for as long as reasonably necessary to:
· Fulfil the purposes outlined in this Policy;
· Comply with legal and regulatory obligations;
· Resolve disputes; and
· Enforce agreements.
Where practicable, we may de-identify or aggregate personal information for analytics, reporting, system improvement and statistical purposes. De-identified information is not considered personal information under the Privacy Act.
When personal information is no longer required, we take reasonable steps to destroy or de-identify it.
11. Account Closure
If your account is closed or terminated, we may retain certain personal information as required to comply with legal obligations, resolve disputes, prevent fraud, enforce our agreements, and maintain financial and transaction records.
Where the master licence arrangement is terminated or transferred, personal information may be retained or disclosed as reasonably necessary to facilitate regulatory compliance, dispute resolution, debt reconciliation, audit processes and orderly transition of the Platform.
12. Access and Correction
You may request access to the personal information we hold about you and request correction if it is inaccurate, out-of-date, incomplete, irrelevant or misleading.
Requests should be made in writing to our Privacy Officer details below.
We will respond within a reasonable period. We may refuse access in limited circumstances permitted under the Privacy Act and will provide reasons where required.
13. Notifiable Data Breaches
If we experience an eligible data breach under Part IIIC of the Privacy Act 1988 (Cth), we will:
· Assess the suspected breach;
· Notify the Office of the Australian Information Commissioner (OAIC) if required; and
· Notify affected individuals where required by law.
We maintain an internal data breach response plan that includes containment, assessment, notification and remediation procedures.
14. Children’s Privacy
Our Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If we become aware that personal information of a child under 18 has been collected without appropriate consent, we will take reasonable steps to delete that information promptly.
15. Direct Marketing
We may send marketing communications in accordance with the Spam Act 2003 (Cth).
Individuals may opt out of receiving marketing communications at any time by using the unsubscribe function in the communication or contacting us directly.
Operational and service-related communications cannot be opted out of.
16. Complaints
If you believe we have breached the Privacy Act or the Australian Privacy Principles, you may make a complaint by contacting our Privacy Officer.
We will investigate and respond within a reasonable timeframe.
If you are not satisfied with our response, you may lodge a complaint with the:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
This includes complaints relating to overseas disclosures of personal information. We will investigate and respond in accordance with our obligations under the Privacy Act.
17. Contact Details
Privacy Officer
The Proper Officer
BIZSPOT CREDITS PTY LTD T/A Bizpaye Australia
402/11-13 Solent Circuit, Norwest, NSW, 1153
Email: info@bizpaye.com.au
18. Updates to this Policy
We may update this Privacy Policy from time to time. The latest version will be published on our website or Platform.