Tanda Privacy Policy

Effective from: 1st September 2025

Previous versions available at: www.tanda.com.au/legal/privacy-expired

1. Who are we?

In this policy, 'Tanda', 'we', 'us' and 'our' refer to EPI Capital Pty Ltd ACN 158 472 943, Tanda Software Pty Ltd ACN 688 399 724 and its Related Entities and Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)). Our headquarters are in Australia, but we operate all over the world. If you have any questions about this policy, please contact us at:

Address: Level 4/108 Wickham Street, Fortitude Valley Queensland 4006, Australia or

Email: privacy@tanda.com.au

‍

Alternatively, if you are a resident of the EEA or UK, we are available at:

Address: 1 Mark Square, London EC2A 4EG, United Kingdom

Email: privacy@workforce.com

2. What does this policy cover?

This policy describes how we collect, use, keep secure and disclose Personal Information. 'Personal Information' means any information or an opinion about an identified individual, or an individual who is reasonably identifiable. Personal Information includes, without limitation, your name, email, address, phone number, bank account details, payment information, support queries, community comments. In some countries, Personal Information can also include data about your device, such as your IP address and device type.

This policy applies to Personal Information we collect:

across all our websites, software and apps, in connection with our products and services; and
from third party data sources, or through surveys, events, customer support interactions, promotional activities, and training.

3. How do we collect your Personal Information?

We will collect your Personal Information:

directly from you as much as possible, including when you visit our websites, use our apps, products or services, or engage in conversations with us (eg we will collect your contact information and any other details you share when you request support). If you do not provide certain details, you may only be able to use parts of our products and services;
automatically when you visit our websites, or use our apps, products and services (eg data about the pages you look at and the links you click on);
from third parties, including your employer or employees, accountants or other representatives, and our trusted service providers (eg providers of email, marketing, analytics, financial, credit and payment services), related companies, social media platforms, and credit reporting agencies;
when we are required to do so by law; and
from our own records of your usage of our services.

If we inadvertently collect Personal Information about you, in circumstances where we have not requested it and we consider it is not required, we will destroy or de-identify that information.

4. What kinds of Personal Information do we collect?

The type of Personal Information we collect depends on how you interact with us. Some common examples are listed below:

General

If you are a customer, or employee of our customer, we may collect:

contact information such as your name, company name, address, billing address, email address, or phone numbers;
account information such as your login and profile information;
transaction sales information such as credit or debit card details, billing address, billing contacts, subscription details, and other details of services you receive from us;
ID verification and credit report information including government-issued identification documents (passport, driver's licence), residency details, and date of birth;
communications information such as feedback on our services, information you provide to us as part of your communications with us or our service providers, survey entries, chat, email or call history, and (only if you consent) call recordings;
marketing and advertising information such as interests based on your use of our services, survey responses, communication preferences, and subscription details;
service usage information such as information about your subscription, use of and interaction with our services, integration of third-party services, and management of invited users within your subscription;
social media information posted or uploaded to our social media profiles (or to your social media activities pertaining to us) including 'likes', comments, feedback, photos, and other information that contain Personal Information;
device information including your internet protocol (IP) address, internet service provider (ISP), web browser, device type, operating system, and device identifiers; and
uploaded content such as any Personal Information in photographs, videos or audio recordings that you upload to our websites or apps.

‍

Current and prospective employees or contractors of Tanda

If you are an employee or contractor of Tanda, or apply for a job or other engagement with us, we will also collect recruitment information including your CV, resume, work history, education, eligibility to work in Australia, taxation details, superannuation details, payroll information, background check information, information collected from referees (nominated by you), medical or health information you voluntarily provide to us during pre-employment screening, and security information (eg CCTV footage and photographs taken on our premises).

‍

Product-specific

In addition to the types of information listed under the 'General' heading above, specific types of information are collected from users of each product or service, as detailed below:

(TANDA Workforce Management Software; Tanda HR Software):

location information including specific location information you provide us via your device (using GPS, wireless, or Bluetooth technology) and manually input.

When you use specific functionalities in our TANDA Workforce Management Software, you may be asked to share your mobile device’s precise GPS geo-location information. Whether or not we collect this location information is entirely determined by your employer in their sole discretion (e.g. they may only allow you to clock in or clock out if they can verify your location via your device).

If you do not wish to allow the collection of your precise location, in most cases you will be able to turn off such data collection at any time by accessing the privacy settings of your mobile device, or adjusting the permissions for our app. However, please note some of the app's features may not work properly if you turn this off, and we are not responsible for any consequences of turning off such location tracking.

employment performance information including workplace engagement information, and performance reviews;
employment related information including occupation or job title, information related to your current and past employers and roles, key dates relating to your current and past roles, eligibility to work in Australia, information relating to your qualifications and training, salary details, superannuation and tax information

(TANDA Payroll Software):

payroll related information, superannuation payment information, earnings information including payslips and payment summaries, deductions, employment termination information;

(TANDA Applicant Tracking System):

recruitment information (as defined above), plus information regarding the outcomes of your application, including whether or not you were successful in obtaining employment and the details of that employment;

(Employment Law Handbook): please refer to the Employment Law Practical Handbook privacy policy; and

(Health and Safety Handbook): please refer to the Workplace Health and Safety Handbook privacy policy; and

(Tanda Workplace Protect): please refer to the Tanda Workplace Protect Privacy Policy

5. How do we use your Personal Information?

We use your Personal Information to operate our services, and to manage our relationship with you. Otherwise, we will only use your Personal Information for:

the purpose for which it was collected (as detailed in this policy or as explained to you when we collect your Personal Information); and
related purposes, where permitted by law.

At or around the time we collect Personal Information from you, we will endeavour to provide you with a notice which details how we will use and disclose that specific information.

This list details the specific purposes for which we use your Personal Information:

to provide products and services to you (e.g. to manage your subscription, facilitate your purchases, and provide, maintain and deliver our products and services (including using AI/ML) in accordance with the applicable Terms of Use). This includes monitoring, troubleshooting, data analysis, testing, system maintenance, reporting, and data hosting. The categories of Personal Information we use for this purpose are: contact information, account information, transaction sales information, communications information, device information, location information, employment related information, and service usage information;
to collect payments and to administer your account (e.g. to send you service updates, invoices, technical notifications, security alerts, support messages, and enquiry responses). We may contact you by email, telephone, SMS, and social media. The categories of Personal Information we use for this purpose are: contact information, account information, transaction sales information, communications information, service usage information, and uploaded content;
to maintain and update our business infrastructure and security systems (e.g. we use malware and other monitoring tools to detect suspicious activity and block unauthorised access). We do this to address threats and fraud, and to protect you and our business. The categories of Personal Information we use for this purpose are: contact information, account information, transaction sales information, communications information, device information, location data, service usage information, and uploaded content;
to improve and develop our products and services (eg to inform business decisions by understanding customer behaviour (including use of AI/ML)). The categories of Personal Information we use for this purpose are: contact information, account information, transaction sales information, communications information, marketing and advertising information, device information, location information, service usage information, and uploaded content;
to promote our products and services to you (eg to contact you about products, services, and events we think may be of interest, including those of our related companies and partners). We or our partners may contact you by email, telephone, SMS, or social media. You give your express and informed consent to us and our partners using your Personal Information in relation to direct marketing and sales as set out in this paragraph. If you have provided your inferred or implied consent (eg not opting out where an opt-out opportunity has been provided to you) or if it is within your reasonable expectation that we or our partners send you direct marketing material, then we or our partners may also use your Personal Information to send you direct marketing material. We will give you the ability to opt-out from receiving any direct marketing messages from us or our partners that you no longer wish to receive. The categories of Personal Information we use for this purpose are: contact information, communications information, marketing and advertising information, device information, service usage information, employment related information, and uploaded content;
to personalise content (eg to provide local or otherwise targeted information for customers, and to tailor the content served on our websites and apps). The categories of Personal Information we use for this purpose are: contact information, marketing and advertising information, device information, location information, employment related information, and service usage information;
for quality assurance, training and record-keeping (eg to review communications with you for customer support quality assurance and training, and related record-keeping). The categories of Personal Information we use for this purpose are: contact information, transaction sales information, communications information, and service usage information;
to conduct surveys. The categories of Personal Information we use for this purpose are: contact information, communications information, marketing and advertising information, and uploaded content;
for research and related purposes (eg we may personalise, target, and deliver advertising on our websites and apps, and via third party websites and services). We may also identify audiences and individuals like you to better tailor our marketing campaigns and communications, and measure the effectiveness of our campaigns and adjust our methods. We may also aggregate your information with other information and then use it for benchmarking, and marketing and consumer analytics. The categories of Personal Information we use for this purpose are: contact information, marketing and advertising information, device information, and service usage information;
for compliance management (eg to investigate any suspected breach of the applicable Terms of Use, or unlawful activity engaged in by you). The categories of Personal Information we use for this purpose are: any identified as being necessary for this purpose;
for legal and regulatory compliance (eg to respond to requests under privacy or other applicable laws). The categories of Personal Information we use for this purpose are: any identified as being necessary for this purpose;
for processing information when undertaking mergers, acquisitions, reorganisations, or disposals, as permitted or required in accordance with applicable law. The categories of Personal Information we use for this purpose are: any identified as being necessary for this purpose; and
to manage legal claims (eg to preserve our legal rights, and investigate, defend, and bring claims to protect our interests). The categories of Personal Information we use for this purpose are: any identified as being necessary for this purpose.

In addition to the above, we may use your Personal Information for specific purposes, based on your use of our products and services, as detailed below:

(TANDA Workforce Management Software; TANDA Operations Module): the use of location information is determined by the customer with which your account is associated;
(TANDA Payroll Software; TANDA HR Software): to assess candidate suitability for a role;
(TANDA Applicant Tracking System): the types of uses we will make of Personal Information collected via the ATS Platform include:
- the provision of our services via the ATS Platform, including creating an account for you and processing your applications;
- to contact you regarding other employment opportunities and generally engage with you in the conduct of recruitment, or recruitment-adjacent, functions;
- to manage, maintain, develop, improve and enhance the ATS Platform and for other development, research, data analytics, diagnostic and corrective purposes in connection with the ATS Platform and other Tanda offerings;
- for general administrative and security purposes such as ensuring our website and platform remain secure; maintaining and developing our products and for quality assurance purposes;
- to monitor your use of the ATS Platform to ensure you are using the ATS Platform in the manner in which it is intended to be used, and in accordance with the applicable Terms of Use;
- to aggregate with other information and then to use it for marketing and consumer analytics;
- to offer you updates on products, events or information that may be of interest to you; and
- for marketing and promotional activities by us (including by direct mail, telemarketing and email) such as our email alerts, product awareness information and newsletters;
(Employment Law Handbook): please refer to the Employment Law Practical Handbook privacy policy; and
(Health and Safety Handbook): please refer to the Workplace Health and Safety Handbook privacy policy; and
(Tanda Workplace Protect): please refer to the Tanda Workplace Protect Privacy Policy

6. How do we disclose your Personal Information?

There will be situations where we need to share your Personal Information with third parties outside of Tanda. In the normal course of business and in order to provide your services, we may need to disclose your Personal Information to organisations including:

our related companies who enable us to provide you with our services, or who otherwise use Personal Information for the purposes in this policy;
our service providers (eg providers who are carefully selected to assist us with billing, customer support, hosting and storage, data analytics, security, marketing and email services). Note, we will only share your phone number or SMS opt-in consent status with such third parties for their own marketing purposes with your explicit consent;
your legal, accounting, financial or other professional advisors, or organisations providing you with credit or financing;
third party providers of software that integrate with our websites and apps;
credit agencies or fraud reporting agencies, if you use the service for making financial transaction instructions;
our legal representatives, accountants, professional advisors, bankers, and other organisations involved in managing our trade receivables, business, financial affairs;
regulators, law enforcement bodies, government agencies, courts or other authorities where we think it is necessary to: comply with applicable laws or regulations; exercise, establish or defend our legal rights; or protect your interests or those of any other person. Where possible and appropriate, we will notify you of this type of disclosure;
other organisations who subscribe to our client base research data. Note, your Personal Information will be aggregated and de-identified before being shared in this way;
actual or potential buyers (and their agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business;
your superannuation fund or other financial service providers, where you are an employee of one of our customers and that employer uses our services to facilitate their contributions to your fund;
your employer, where you are an employee of one of our customers, and you have been invited to use our services by that employer; and
other people where: we have your consent; or permitted by law.

You will not be notified of the disclosure of your Personal information to the parties identified above, and you may be contacted by these parties.

7. Sensitive information

We may also collect sensitive information that you provide to us (eg health information, racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, trade union membership details, or biometric information that is to be used for the purposes of automated biometric verification or biometric identification or biometric templates).

Although we try to limit the volume of sensitive information collected, the nature of our services means we may need to collect sensitive information from you (and you will need to collect sensitive information from your employees).

We will only collect sensitive information from you or use sensitive information to send you direct marketing communications, with your express consent (obtained at or around the time we collect sensitive information).

8. Cookies and similar tracking technology

A 'cookie' is a small text file that is placed on your computer or mobile device when you visit one of our websites. We may use cookies to: monitor traffic patterns or trends; perform analytics; and enhance and customise your experience. We may also gather your IP address as part of our business activities and to assist with operational difficulties or service support issues.

Although this information does not identify you personally, it may identify your ISP. If combined with other sources of Personal Information, it may enable us to identify you. You can accept or reject cookies through your web browser controls. They are often important, so our websites and apps may not work as intended (or at all) if you decide to reject our cookies.

9. Anonymity

Given the nature of our products and services, it is not practicable for us to provide you with the option of dealing with us on an anonymous basis or through the use of a pseudonym.

Your Personal Information is required in order to provide you with our products and services or to resolve any issue you may have.

10. Cross border disclosure

Any Personal Information collected and held by us may be disclosed to, and processed in, a country outside the country you live in. For example, we currently use third party service providers and infrastructure located in Ireland, Estonia, Netherlands, Philippines, United Kingdom and United States of America.

These countries may have privacy laws that are different to the laws that apply in your country of residence. When we transfer data to another country, we put safeguards in place to protect your Personal Information.

11. Security of your Personal Information

We take reasonable steps to ensure that your Personal Information is protected from misuse, loss, unauthorised access, modification or disclosure. For more details, please see our Security page.

No method of transmission over the internet, or method of electronic storage is 100% secure.

You can help to keep your Personal Information secure by maintaining the confidentiality of any login credentials used to access our products and services.

12. Your authority

We will retain your Personal Information for as long as we have a relationship with you, and for a period of time afterwards where we have an ongoing business or legal need to keep it (eg to comply with legal, tax, or accounting requirements).

After that, we will make sure your Personal Information is deleted or de-identified.

13. Access to and correction of your Personal Information

Please notify us of errors, omissions or changes in your Personal Information, so we can check our records are accurate and up-to-date. This is especially important for information we need to communicate with you (eg a change in name, email address, or phone number).

You can ask us to stop sending you marketing communications at any time, by following the unsubscribe instructions in the marketing communication.

Subject to certain exceptions permitted by law, you also have the right to:

know what Personal Information we hold about you, and correct any that is inaccurate or out-of-date;
request a copy of your Personal Information we hold;
ask us to delete or restrict processing of your Personal Information;
request erasure or de-indexing of online search results which contain your Personal Information; and
object to our continued processing of your Personal Information.

You can exercise these rights at any time by contacting us at the details above. We reserve the right to charge a reasonable fee for the provision of this information.

14. Resolving privacy concerns

If you have any concerns about how we are processing your Personal Information, please contact us at the details above. We will review and investigate your complaint, and get back to you within a reasonable timeframe.

You can also contact the Office of the Australian Information Commissioner (www.oaic.gov.au), or your local data protection authority, who will be able to advise you how to submit a complaint.

15. Updates

We may modify this policy from time to time. If we make a material change, we will take reasonable steps to notify you (eg by email or by notice on our website and apps).

16. Acceptance

By using our website or purchasing a product or service from us, where you have been provided with a copy of this policy or had a copy of this policy reasonably available to you, you are: acknowledging you have been informed of all of the matters in this policy; and agreeing to provide the consents given by you in this policy.

17. Additional information if you are in the EEA or UK

If you are a resident of the European Economic Area (EEA) or United Kingdom (UK) for the purposes of the General Data Protection Regulation (GDPR), then this section applies to you in relation to the Personal Information we process under this policy. In this section, references to 'Personal Information' are to be interpreted as 'Personal Data' as defined by the GDPR.

In general, we process the Personal Information under our services agreements with our customers (usually, employers). We are: a data processor for the purposes of the GDPR in the performance of services; and a data controller only in terms of the Personal Information of Tanda’s EU resident employees.

In addition to your rights of access and correction as set out above, you may:

(access) request access to your Personal Information held by us;
(rectification) request to update or rectify the Personal Information we hold about you;
(erasure) withdraw your consent to our use of your Personal Information as described in this policy by deletion or erasure of your Personal Information that we hold where it is no longer required for the purpose for which it was collected;
(restriction on processing) obtain from the controller (usually, this is your employer) a restriction on processing of your Personal Information where:
- accuracy of the Personal Information is contested;
- the processing by the processor is unlawful (and you oppose erasure but request restriction of use);
- we no longer need your Personal Information; or
- you have objected to processing pursuant to your right to object under Article 21(1) of the GDPR; and
(data portability) request that we:
- provide you with a copy of the Personal Information that we hold about you in a portable and machine-readable form; or
- share your Personal Information with a nominated third party.

If you wish to exercise any of these rights, please send your request in writing through your employer. Or, if we hold your Personal Information separate to your relationship as an employee of our customer, please contact us at the details above.

We will process your request promptly and within one month of receipt of receiving it.

If you have any concerns regarding our collection or processing of your Personal Information, then you also have a right to complain to a supervisory authority (within the meaning of the GDPR).

Professional Services

Hospitality

Restaurants

Retail

Healthcare

Grocery

Early Learning

Pharmacy

Clubs

Franchises

Quick Service Restaurants

Tanda Privacy Policy