Skip to content

upphr.com.au

Privacy Policy

Effective Date: 13 December 2024

Your Privacy and The UPP HR Discretionary Trust (ABN 70 933 504 323) (collectively and individually referred to as “UPP HR”, “we”, “us” or “our”).

Who we are and how you can contact us

We are UPP HR and we are based in Queensland, Australia. We are committed to protecting your privacy and respecting and upholding your rights when you use this Site. This Privacy Policy applies to the products and/or services we provide on our Site and our social media channels, and explains how we collect, hold, use and disclose data and comply with the requirements of the Privacy Act 1988 (Cth) and constitutes part of our Website Terms & Conditions. This Privacy Policy does not cover information that you submit on other websites, even if we communicate with you on those sites. For example, if you post something on Instagram, Facebook, Pinterest, X, or YouTube, that information is governed by the privacy policies on those websites, and is not governed by this Privacy Policy.

You can contact us for privacy-related questions by completing this form or contacting us at: hey@upphr.com.au.

We will only use your personal information in compliance with Australian Privacy Laws (Privacy Act (1988 (Cth)), Australian Privacy Principles and to the extent applicable, with the EU General Data Protection Regulation (GDPR) and any replacement legislation or regulation or guidelines and standards governing the use, storage or transmission of personal data.

Our role in your privacy

If you are a customer, subscriber or just a visitor on our Site, this Privacy Policy will apply to you.

Our responsibilities

As we are the providers of the products and services on this Site, we determine how and why your data is processed. We do not sell or rent your details to any third parties. We are committed to protecting your privacy and we want you to know exactly what information is collected and how we use it.

Your responsibilities

Please read this Privacy Policy and our Website Terms & Conditions. If you provide us with any data relating to a third party, you confirm that you have the right to authorise us to process that data on your behalf in accordance with this Privacy Policy.

When and how we collect data

From the moment you visit our Site, we are collecting data, sometimes you might provide this data by completing a form or setting up an account, otherwise we might collect the data automatically. We may also collect data when:

  • You make a purchase on our Site, including but not limited to, gift cards, or any other products available for purchase
  • You interact with us on social media
  • You complete any sign-up forms, landing pages or send us a direct message via social media or an email to any of our nominated emails
  • You participate in events, promotions and giveaways or any request for additional data such as customer surveys
  • You accept our cookies and tracking technologies, which may include services from third parties that provide analytics, traffic management, content delivery, and load balancing (e.g. CDNs). For more details on the cookies we use, including those from third-party providers that assist with performance, analytics, and functionality, please contact us.
  • You voluntarily submit your data to us for any reason

Types of data we may collect

  • Contact details (name, address, email)  
  • Financial Information (bank details when you are making a purchase)
  • Your business name (sometimes)
  • Basic information about your business and its history (sometimes) 
  • Data about the products or services you purchase 
  • Data about your experience with our Site and our products and services  
  • Data relating to your circumstances and such other information that is relevant to the products or services we provide to you  
  • Data relating to your attendance at seminars or other events held by us (including webinars and podcasts)  
  • Data that identifies you (your IP address, login, browser type, time zone, browser plugins, geolocation, what operating system and version) – we do not link this with any personal Data
  • Data on how you use our Site (URL clicks, products and services views, how long you are on our pages and other actions) 
  • We may also collect technical data via third-party services, such as content delivery networks or font services, to improve the performance and functionality of our Site. These services may collect information like IP addresses to ensure proper delivery and functionality. 

Use and disclosure of your data

Under data laws, we are only allowed to use your data for specific reasons and where we have the legal basis to do so.   

We will use your data for the purposes it was collected and related purposes which include:  

  • Operating our Site 
  • Providing you with products, information and services 
  • Customer support 
  • Tracking your purchase history 
  • Detecting and preventing fraud  
  • Improving our Site  
  • Making your experience on our Site more efficient and enjoyable  
  • Market research e.g. we may contact you for feedback about our products and services  
  • Provide you with information about events, other products or services or opportunities that may be of interest  
  • Marketing (with your consent)  
  • Monitoring your compliance with our Website Terms and Conditions  
  • We may use client-provided systems, including onboarding and HR software, Microsoft 365, SharePoint, OneDrive, and Outlook, to collect, store, and process employee information as part of our services.
  • We may disclose your data for the purposes it was collected and also:  
  • As required by law subject to our legal obligations  
  • With your explicit consent 
  • Within our business, limited to employees and trusted service providers who have a legitimate interest to access your data in order to provider our products and/or services  
  • To send you marketing material (with your consent)  
  • To process your participation in any promotions and giveaways (including contacting you if you win, displaying your name online and on our social media platforms)  
  • Share with third parties who are necessary to enable us to provide our products and/or services to you, subject to appropriate confidentiality and data protection agreements   
  • When a client’s business is sold, employee files will be handled in accordance with legal and contractual obligations. For employees who do not transfer to the new business entity, we will consult with the original owner to ensure appropriate storage or disposal. In cases where the original owner is no longer in business, alternative secure storage arrangements will be made in compliance with privacy laws. 

Collection and use of sensitive information

In the course of providing our services, we may collect, use, and store sensitive information as defined under the Privacy Act 1988 (Cth). This includes, but is not limited to: 

  • Health and vaccination information. 
  • Tax File Numbers (TFNs), superannuation details, and bank account information. 
  • Emergency contact details. 
  • Visa and work status information. 
  • Identification documents such as passports, driver’s licences, and Medicare cards. 
  • Information gathered during the course of providing servicers, including client details, employment related matters, including performance records, confidential or incriminating details related to industrial relations (IR) or employee relations (ER) matters, and legal claims such as unfair dismissal or general protections disputes. 

Consent for sensitive information

We will only collect sensitive information with the consent of the individual or as required or authorised by law. By engaging our services, you confirm that you have obtained the necessary consent from individuals whose sensitive information we may collect, process, and store on your behalf. Where we collect sensitive information directly from individuals, we will obtain their explicit consent, including through forms or electronic agreements, as appropriate. 

Storage and protection of sensitive information

Sensitive information will be stored securely and only accessed by authorised personnel for legitimate business purposes. We take appropriate measures to safeguard this information, including encryption, restricted access, and secure storage systems. 

Disclosure of sensitive information

Sensitive information will only be disclosed: 

  • As required by law or a court order. 
  • With the individual’s consent or at their request. 
  • To authorised third parties necessary to provide our services, subject to confidentiality obligations. 

Retention and disposal of sensitive information

Sensitive information is retained for as long as it is reasonably necessary to provide our services or to meet legal, regulatory, or contractual requirements. 

We employ secure deletion methods to remove information from active systems once it is no longer required. However, due to the nature of modern data management systems, complete destruction of all electronic backups may not be possible. Backups are retained for system integrity and disaster recovery purposes and are subject to automated retention policies that limit their availability for general use. 

Access to such backups is strictly restricted, and we ensure that data within backups is not used for any purpose other than system restoration in the event of data loss. As part of our commitment to data security, we periodically review and update our backup retention policies to align with industry best practices and legal requirements. 

Providing personal information about others

If you provide us with another person’s Personal Information, please ensure that you have their permission to do so. It is also your responsibility to inform them about our privacy practices, including how we collect, use, disclose, and retain their Personal Information as outlined in this Privacy Policy. 

Indemnity

By sharing another person’s Personal Information with us, you agree to indemnify and hold us harmless from any claims, liabilities, damages, or expenses arising from your failure to obtain consent or inform the individual of our privacy practices as required under this section. 

Google analytics

We use Google Analytics functions. You can find out how your data is collected here and there are instructions here on how to opt-out of Google Analytics data tracking.  

Our use of Google Analytics may include but is not limited to display advertising and remarketing. You may see our adverts across the internet, this is due to the use of tracking technologies (cookies) to optimise and serve our adverts based on past visits to our Site. When you log onto our Site, we, with the help of Google Analytics, use your browsing behaviour to connect this with other data that you previously provided to us in accordance with this privacy policy. 

Choosing not to provide personal data

You can choose not to provide us with any personal data. However, if you do this, we will not be able to provide you with any products or services, however, you can continue to use our Site and browse the pages of our Site. 

Turning off cookies

Our Site uses cookies and similar technologies to provide certain functionality to our Site. You can turn off cookies by activating the setting in your browser that allows you to do this. You can also delete cookies through your browser settings. If you do decide to turn off cookies, you can continue to use the Site, however, certain services may not work as effectively.  

Marketing

We will always let you know before we collect any data from you what the intended use is and if we intend to use it for marketing and if third parties are involved, we will obtain your consent (which you can withdraw at any time). You can change your mind about marketing material by opting out by:  

  • contacting us via email hey@upphr.com.au; or 
  • completing the contact us form on our contact page; or   
  • unsubscribing within the email if you have previously subscribed to our newsletter.  

SMS marketing and notifications

By providing your phone number and opting in to SMS marketing, you agree to receive text messages from us regarding your purchases, promotions, and updates. Message and data rates may apply. You can opt out at any time by following the instructions provided in the messages. 

How we use your information for SMS

When you provide your phone number, we collect and store this information for purposes such as sending order updates, promotional offers, and marketing messages. We do not share your phone number with third parties except as required to process your requests or when required by law.

Opt-out and data removal

You can opt out of SMS marketing at any time by replying ‘STOP’ to any of our text messages. Once opted out, you will no longer receive SMS marketing from us, but you may still receive essential transactional messages regarding your orders.  

Your rights

You can exercise your rights at any time by contacting us via email at hey@upphr.com.au or the contact us page on our Site

Accessing information we hold about you

We will provide you with the information within 30 days of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). We will tell you if we can’t comply with your request and why. 

Inaccurate information

You can contact us to ask us to correct any information we hold about you that you believe is inaccurate. 

Objections to using data for profiling or automated decisions

We may analyse your data to determine the products and services that are most relevant to you, such as tailoring our emails based on your behaviour. However, we will not use your data for any automated decisions that could significantly impact you without your explicit consent or where required or authorised by Australian law. The primary purpose of using your data is to provide our products and services to you effectively.

In cases where we use automated systems to make decisions that may impact your rights or interests, we will ensure transparency. Our privacy policy outlines the types of personal data these systems use, the nature of the decisions being made, and the role these systems play in the decision-making process. You may contact us if you wish to know more about how these systems work or to request human review of any automated decision.

The right to be forgotten

You have the right to request for your data to be erased. This means we have to delete all information that we hold about you, except to the extent of any information we are required to hold due to our legal obligations.

Making a complaint

  • If you have any complaints regarding how your data is handled, please contact us via our contact page. If you are not satisfied with our response to your complaint, you may seek a review by contacting the Office of the Australian Information Commissioner (OAIC) via their website https://www.oaic.gov.au
  • If you are located in the European Union and feel your data has been mishandled, you may lodge a complaint with your local data protection authority, which you can find through the European Data Protection Board (EDPB) at https://edpb.europa.eu/about-edpb/board/members_en

Under Australian privacy laws, individuals may take legal action for serious invasions of privacy, including intrusion upon seclusion or misuse of private information. If you believe your privacy has been intentionally or recklessly breached, and the invasion is serious, you have the right to seek compensation or other remedies through the courts. 

Security of the data we collect

We realise that our customers trust us to protect their data and whilst we cannot guarantee the security of any information you transmit to us, or receive from us, we take that task seriously and maintain reasonable and appropriate physical, electronic and procedural safeguards to help protect your data. This includes the following:

  • Password access to accounts  
  • Storing electronic data with reputable third party storage providers who have appropriate security protections  
  • Limit access to personal information to individuals who need to know.   
  • Using payment providers who are PCI DSS compliant  
  • We do not store your payment details 

In the event of a data breach that involves personal or sensitive information, we will notify affected parties and the relevant authorities as required under the Notifiable Data Breaches (NDB) scheme of the Privacy Act 1988 (Cth). This includes identifying and mitigating the breach, assessing the risk of harm, and taking corrective action to prevent future breaches. 

Where we store data

We use service providers based in Australia, however, we may share your data with overseas organisations in countries or under privacy frameworks approved by the Australian Government. These countries are deemed to have privacy protections similar to Australia’s. Where applicable, we take steps to ensure that your data remains protected in line with Australian privacy laws. 

How long we store data for

All personal information is retained for as long as it is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, or business requirements. This includes data such as: 

  • General contact information (e.g., name, email address, phone number). 
  • Business-related details (e.g., business name, ABN, job title). 
  • Non-sensitive transactional data (e.g., purchase history). 

Retention periods

We retain non-sensitive information based on the following criteria: 

  • Active Use: As long as the information is actively used for providing services or maintaining client relationships. 
  • Compliance: As required to meet legal or financial record-keeping obligations, such as tax laws or audit requirements. 

Disposal of non-sensitive information

When non-sensitive information is no longer required, we securely delete it from our systems. For electronic data, this may include: 

  • Permanent deletion from active databases. 
  • Overwriting storage media where possible. 

As with sensitive information, non-sensitive data may exist in backup systems retained for system integrity and disaster recovery purposes. Access to these backups is strictly limited, and non-sensitive information in backups is not used for operational purposes. 

Third parties who access your data

  • We share data with third parties in the following circumstances:  
  • Other companies in our group of companies, as necessary to operate our Site  
  • Our suppliers and service providers working for us e.g. payment processors  
  • Our professional and legal advisors  
  • Third parties engaged in fraud prevention and detection  
  • Law enforcement or other government authorities  
  • Share with third parties who enable us to provide our products and services which may include:
  • payment processors such as Stripe, PayPal, Xero, Shopify who may process your payment for any products and services bought from us;  
  • Social media and analytics such as Facebook, Instagram and Google Adwords for purpose of custom audience generation and the development of targeting criteria;  
  • Other third parties such as Zoom, Active Campaign, for processing and holding Data that enables us to ensure you are kept informed of all course information, logins and marketing material, offers, promotions, newsletters, blogs and video training.  
  • Where we have your consent to do so or otherwise where we are legally permitted to do so. 
  • In scenarios where we act as a data processor using client systems, the client retains primary responsibility for ensuring compliance with data protection laws. We commit to maintaining the confidentiality and security of data processed through client-provided systems. 

Age of consent

By using this site, you warrant that you are at least the age of majority in your State or Territory of residence. Our Site should not be used by anyone under the age of majority, and we do not knowingly collect data from anyone under the age of majority. 

Cookies and how to block them

Our Site uses cookies and similar technologies to provide certain functionality to our Site. “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies can also be used to analyse traffic and for advertising and marketing purposes. They do not harm your systems and the HELP function in your browser will tell you how to restrict or block the cookies.   

You can turn off cookies by activating the setting in your browser that allows you to do this. You can also delete cookies through your browser settings. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. If you use browser settings to block all cookies, you may not be able to access all or parts of our Site. 

Web beacons

We may use web beacons (also known as clear gifs) on our website and in our emails. These enable us to track behaviours such as email opens and link clicks, as well as collect information like your IP address, browser type, or email client. This data helps us analyse and improve the performance of our email campaigns, ensuring we can provide you with services that better meet your needs. You can opt out of receiving emails from us at any time by clicking the “unsubscribe” link included in each email. 

Governing Law

This Privacy Policy and your use of this Site is governed in all respects by the laws of Australia. 

Updates to our privacy policy

Please make sure to check in on our Privacy Policy periodically, as we may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. We will always ensure that the current date of the Privacy Policy also known as the “Effective Date” is prominently displayed at the very top of this Privacy Policy, so you know it’s the latest version.