PRIVACY POLICY

Axis IP Pty Ltd Trading as Paypa Plane (ACN 613 002 430) ("Axis", “Paypa Plane”, "we","our", "us") recognises the importance of your privacy and understands your concerns about the security of the personal information provided to us. We comply with the AustralianPrivacy Principles (APPs) as contained in the Privacy Act 1988 (Cth). The APPs detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.

Under the APP’s there are two categories of privacy information.

“Personal information” is information or an opinion about an identified individual, or about an individual who is reasonably identifiable and:

“Sensitive information”, a sub-set of personal information, is information or an opinion aboutan individual’s racial or ethnic origin, political opinions, political association membership,religious beliefs or affiliations, philosophical beliefs, professional or trade associationmembership, trade union membership, sexual orientation or practices or criminal record, andincludes health information and genetic information.

This Privacy Policy details how we manage personal information about you.

Why we collect, hold, use and disclose personal information.

We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and legal obligations. For example, we collect, hold, use and disclose your personal information as necessary to provide our services, for our administration and accounting purposes associated with providing these services, for statistical and data collection purposes, providing you with information about other goods and services offered by us, marketing and promotions, market research and website traffic analysis.

Generally, we do not collect sensitive information. We may collect other sensitiveinformation from you or about you where there is a legal requirement to do so, or where weare otherwise permitted by law. In all other situations, we will specifically seek your consent.If we do not collect, hold, use or disclose your personal information, or if you do not provideyour consent, then we may not be able to answer your enquiry or provide the services thatyou or your organisation have contracted us to provide.

Where we wish to use or disclose your personal information for other purposes, we will obtain your consent. Where we use your personal information for marketing and promotional communications, you can opt out at any time by notifying us. Opt out procedures are also included in our marketing communications. We may also disclose your personal information to third parties (including government departments and enforcement bodies) where required or permitted by law.

What personal information we collect and hold

The kinds of personal information we collect from you or about you depend on the transaction you have entered into with us, the services you or your organisation have contracted us to provide, and the services you or your organisation are interested in. The kinds of personal information that we commonly collect and hold from you or about you include: your name, address, phone number, email address and banking details (including bank account and BSB numbers). We will also collect details about the product and/or services being purchased by you, as each payment request will include a description of the item and/or service purchased.

How we collect and hold personal information

We will, where possible, only collect your personal information directly from you, unless it isunreasonable or impracticable for us to do so. If we collect your personal information fromanother person (e.g. your merchant) and it is unclear that you have consented to thedisclosure of that information to us, we will, whenever reasonably possible, make you awarethat we have done this and the reasons for doing so.

For example, we may collect personal information from you through our portal, your service provider, telephone calls, emails and other correspondence to us or our employees, ourDirect Debit Requests or other online forms, enquiries and contracts for the use of our services and participation in any marketing events.

While we do not collect credit card numbers, our credit card tokenisation technology intercepts credit card numbers entered into any enterprise payment acceptance system and environment. It replaces credit card numbers with a reference value or token. The encrypted card number is stored off-site in a secure, PCI-compliant data vault.

You can be anonymous or use a pseudonym when dealing with us, unless:
- the use of your true identity is a legal requirement; or
- it is impracticable for us to deal with you on such basis.

Website usage information and cookies
‍
We will be overlaying analytical procedures on our website, which will include collecting information such as behaviour analytics (i.e. how you interact with the website), your location, your time spent on site, if you are a return visitor and other Google analytic metrics.This process is called collecting cookies. You have the ability to accept or decline cookies.Most web browsers automatically accept cookies, but depending on your browser, you can modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our website and/or portal.

We encourage you to review the privacy statements of websites you choose to link to from our website so that you understand how those websites collect, use and share your information. We have no control over and are not responsible for the manner in which the hosts of other websites use personal information they collect from you.

How we hold and store personal information
‍
Your personal information is stored by electronic means. We have independently audited physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure. Our staff members receive regular training on privacy and security procedures and our software is regularly tested and updated.

All information (aside from credit card numbers as specified above) will be stored inAustralia with either.
- Amazon Web Services (AWS) Sydney Please visit the AWS site at https://aws.amazon.com/privacy/ to learn more about how they collect, protect anduse this information. Or.
- Microsoft Azure Sydney & Melbourne - Please visit the Azure site at https://docs.microsoft.com/en-us/compliance/regulatory/offering-home to learn more about how they collect, protect and use this information.

Destruction and de-identification
‍
We will retain your personal information whilst it is required for any of our business functions, or for any other lawful purpose. We use secure methods to destroy your personal information when it is no longer needed.

Requests for access and correction
‍
We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you. In most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons for our decision. For further information, please contact us at support@paypaplane.com

‍To assist us to keep our records up-to-date, please notify us at support@paypaplane.com of any changes to your personal information or update your information in your customer account portal which can be accessed here https://client.paypaplane.com/

Data Breaches
‍
If we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach within 30 days after the suspected breach has occurred. Where it is confirmed that a breach has occurred and where required by law, we will notify the Privacy Commissioner and affected customers as soon as practicable after becoming aware that a data breach has occurred.

Complaints and concerns
‍
Our Internal Dispute Resolution Policy establishes how complaints are made and managed at Paypa Plane. Please refer to ‘How to make a complaint’ at here for further details or if you would like to lodge a privacy concern.

Contact
‍
support@paypaplane.com
1300 546 139
‍
Document Approver
Chief Executive Officer
Date Approved 06/10/2022
Version 02.00.01