FinPay Group

1. Introduction and Commitment

FinPay Group (referred to as “we,” “us,” or “our”) is committed to protecting your privacy. We handle your personal information responsibly, securely, and transparently.

This Privacy Policy outlines how we collect, use, disclose, and manage your personal information in accordance with the Australian Privacy Principles (APPs) contained within the Privacy Act 1988 (Cth).

2. Scope

This policy applies to all personal information collected by FinPay Group, primarily through our website and related digital interactions.

3. The Kinds of Information We Collect

“Personal information” is information or an opinion about an identified individual, or an individual who is reasonably identifiable. We only collect information that is reasonably necessary for our functions and activities.

Currently, we collect the following types of information:

3.1 Contact Information

• Email Addresses: We collect your email address when you provide it to us (e.g., by subscribing to updates, filling out a contact form, or registering interest in our services).

3.2 Metadata and Technical Information

When you visit our website, we automatically collect technical data and metadata. This may include:

• IP Address: Used for security, geolocation (at a city or region level), and analyzing traffic patterns.
• Device and Browser Information: The type of device you are using, operating system, and browser type.
• Usage Data: Information about how you use our website, such as the pages you visit, the time spent on those pages, the links you click, and the referring website.

3.3 Information We Do Not Collect

At this time, we do not collect financial information, credit history, government-related identifiers (such as Tax File Numbers or Driver’s Licences), or sensitive information (such as health or biometric data).

4. How We Collect Information

4.1 Direct Collection

We collect your email address directly from you when you voluntarily submit it through forms on our website (e.g., subscription forms, contact us pages).

4.2 Automatic Collection (Metadata and Cookies)

We collect metadata automatically when you browse our website. This is achieved through standard web technologies, including:

• Server Logs: Our servers automatically record information created by your use of our website.
• Cookies and Analytics: We use cookies and similar tracking technologies (e.g., web beacons, analytics services like Google Analytics) to track activity on our website, analyze trends, and improve user experience. You can manage cookie preferences through your browser settings, but disabling them may affect website functionality.

5. Purposes of Collection, Use, and Disclosure

We collect and use your personal information for the following purposes:

• Communication: To respond to your inquiries, provide information you have requested, and send updates or newsletters you have subscribed to.
• Website Improvement and Analytics: To understand how visitors use our website, monitor the performance of our site, and improve our services and user experience.
• Security: To monitor for and protect against security threats, fraud, or other malicious activity.
• Marketing: To provide you with information about our services, promotions, or upcoming developments (see Section 6).
• Legal Compliance: To comply with any applicable Australian laws or regulatory requirements.

6. Direct Marketing

We may use your email address to send you direct marketing communications about our services. We will only do this in accordance with the Spam Act 2003 (Cth).

Opting Out: You can opt-out of receiving marketing communications at any time by:

• Using the “unsubscribe” facility included in our emails.
• Contacting our Privacy Officer (see Section 12).

7. Disclosure of Personal Information

We do not sell your personal information. We may disclose your information to third parties who assist us in operating our website and conducting our business. These include:

• Email Service Providers: Companies that assist us in managing our email lists and distributing newsletters (e.g., Mailchimp, SendGrid).
• IT and Hosting Providers: Services providing cloud hosting, data storage, and website maintenance.
• Analytics Providers: Services that help us analyze website traffic and usage (e.g., Google Analytics).
• Legal Authorities: When required or authorized by Australian law or a court/tribunal order.

8. Cross-Border Disclosure

Some of our third-party service providers, particularly those providing email distribution, analytics, and cloud hosting, may be located overseas or may store data overseas. These countries commonly include, but are not limited to, the United States and Singapore.

When we disclose personal information to overseas recipients, we take reasonable steps to ensure that the recipient handles the information in a manner consistent with the Australian Privacy Principles, typically by ensuring appropriate contractual agreements are in place.

9. Data Security and Retention

9.1 Data Security

We take the security of your information seriously. We implement measures to protect your personal information from misuse, interference, loss, and unauthorized access. These measures include:

• Encryption: Using SSL/TLS encryption for data transmitted to and from our website.
• Access Controls: Limiting access to your personal information to authorized personnel only.
• Secure Storage: Utilizing reputable hosting providers with robust security infrastructure.

9.2 Retention

We retain your email address for as long as you remain subscribed or as long as necessary to fulfill the purpose for which it was collected. Metadata may be retained for analytical and security purposes. When information is no longer required, we will securely delete or de-identify it.

10. Data Quality, Access, and Correction

10.1 Access

You have the right to request access to the personal information we hold about you (primarily your email address and associated subscription preferences). To request access, please contact our Privacy Officer (Section 12). We will respond to your request within a reasonable period.

10.2 Correction

If you believe the information we hold is inaccurate or out-of-date (e.g., you have changed your email address), you have the right to request its correction.

11. Privacy Complaints and Enquiries

If you have a complaint about how we have handled your personal information or believe we have breached the Australian Privacy Principles, please contact our Privacy Officer (Section 12).

We will acknowledge your complaint promptly, investigate the matter, and aim to provide a resolution within 30 days.

If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC).

12. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices (e.g., if we begin collecting new types of information) or legal obligations. The updated policy will be posted on our website.