Privacy policy

Last updated on May 16, 2022

Deputec Pty Ltd and its related companies including Deputy Corporation and Deputy EMEA Limited (“Deputy”, “we”, “us”) value and respect the privacy of individuals and is committed to ensuring compliance with data protection legislation where applicable to Deputy, including the European General Data Protection Regulation (Regulation (EU) 2016/679) and its UK equivalent (the “GDPR”), Australia’s Privacy Act 1988 (Cth) and the California Consumer Privacy Act 2018 (the “CCPA”) 

This Privacy Policy applies in connection with your use of Deputy’s workforce management subscription solutions available online, on any Deputy software application, or any other Deputy services and products that refer or link to this Privacy Policy including our associated support services (together, the “Services”) that Deputy either provides to your employer organization or to you directly and any other interactions that you have with us, including when you visit our website or speak with us over the phone. 

This Privacy Policy explains how Deputy collects, uses, protects and shares personal information and your rights in relation to that information. Capitalized terms that are not defined in this Privacy Policy have the meaning given to them in Deputy’s subscription terms available at www.deputy.com/terms (“Subscription Terms”). 

Deputy’s Services are mostly intended for use by employer organizations. The party to the Subscription Terms will control its instance of the Services and be responsible for the personal information it discloses to Deputy. 

Please note that if Deputy is providing the Services to your employer organization, we use your personal information to allow you to access and use the Services for and on behalf of your employer organization. This makes us a "processor" for the purposes of the GDPR. However, there will be circumstances under which we use your personal information for purposes that are not for and on behalf of your employer organization, for example, if you use the Services or contact us outside of the context of your relationship with your employer organization. Under these circumstances, we may be a “controller" for the purposes of the GDPR. This distinction between whether we act as processor or controller has a number of implications from a GDPR perspective. Please refer to the section titled ‘Additional information for EU/United Kingdom residents’ below for more information that will only apply to you if you are an EU/United Kingdom resident. 

If you are a California resident, there is also a section titled ‘Additional information for California residents’ below. 

This Privacy Policy does not apply to any third-party websites, applications or software that integrates with the Services or any other third-party products, services or businesses.

Personal information collected by Deputy

Deputy collects several different types of personal information, including the following:

Information type Examples
Profile information personal information that is provided by you when you sign up and use our Services; name, signature, account and profile information including contact details (such as an email address, postal address or phone number), date of birth, gender (including gender neutrality) and profile photo.
Financial information transaction history, credit card details and other billing information; financial details including bank account information if your instance of the Services involves Deputy’s Employee Onboarding feature.
Employment information information about your employer(s), term of employment, your remuneration, and position or job function; shift information, including the time and date of shifts worked and scheduled.
Sensitive information health information if your instance of the Services is configured for Deputy to request health information from you and you subsequently provide that information; biometric information if your instance of the Services has a “kiosk” (often an iPad device) installed and facial or voice recognition features are enabled;
Geolocation information if you clock in and/or clock out of your shift on a phone or mobile device.
Usage and activity information information on how the Service is accessed and used, as well as usernames and passwords; records of your communications and interactions with us.
Device information information about your device (e.g. desktop, laptop, phone, tablet) used to access the Services such as connection type and settings, operating system, browser type, IP address, time zone settings, the time spent on webpages, unique device identifiers and other diagnostic data; cookies (and related online tracking technologies) to deliver enhanced functionality and better understand your interaction and usage.
Your content content submitted to Deputy’s websites, or when you participate in any interactive features; information you create and submit to us or enter into the Services (including through Deputy’s Newsfeed service).
Your preferences, interests, and opinions your preferences in receiving marketing communications from us; your feedback and opinions about us and the Services.
Support information information provided by you to our support teams providing assistance to you in relation to our Services including: contact information, written and oral summaries of the issue, documents, images & recordings.

Certain aspects of your personal information, for example profile information, are required for many Services and if you fail to supply such information as requested for any specific Service, we may be unable to provide you with the Services in full and your enjoyment of such Services may be more limited.

How Deputy collects personal information 

We may collect personal information about you when: 

  • you provide it to us directly – e.g. by submitting a form, contacting us or entering it in using the Services 

  • we receive it from another party or source – e.g. your employer organization, our related companies, public information and the parties described under ‘Sharing and disclosure of personal information’ below 

  • we collect it automatically – e.g. via cookies and log data relating to use of the Services. 

We may combine personal information with information we collect through other means, and create new information from reviews, investigations and analysis. 

If you provide us with information about another person (e.g. if you work for an employer organization and you provide the personal information of the organization’s employees to us), you will let that other person know that we may handle their personal information in the ways set out in this Privacy Policy, and that they can access the Privacy Policy on the Service or request a copy of it from us.

Purposes of information collected

Information is collected, stored, used and disclosed by Deputy for purposes including the following: 

  • To provide and deliver the Services to you and our customers (e.g. your employer) and to administer, assess, maintain and improve the performance of the Services. 

  • To allow you to access and use the Services (including authentication). 

  • To personalize and optimize your experience when using the Services and to ensure the Service is relevant to you, your device, and to deliver targeted content based on your information, location and preferences. 

  • To provide you with assistance and support in relation to your use of the Services and to processes and respond to a request or complaint that you may have. 

  • To research and develop the Services for the purposes of improving the Services, and to allow you to participate in surveys or interactive features of our Service when you choose to do so. 

  • To communicate with you about the Services and deliver promotional materials, special offers and general information about the Services which are similar to those you already use or enquired about unless you have opted not to receive such information. 

  • To protect the safety and security of the Services including detecting and responding to security incidents and other malicious or unlawful activity, and to detect, prevent and address technical issues. 

  • To protect Deputy’s legitimate business interests including for fulfilling and exercising our obligations and rights including in circumstances where we are required to comply with regulatory orders and audit processes, and for exercising or defending legal claims. 

  • To generate de-identified statistical data to uncover collective insights about the use of our Service (and not to specifically analyze personal characteristics). 

  • To verify your identity and to detect fraud and potential fraud, including fraudulent payments and fraudulent use of the Service. 

  • In connection with business transfers to facilitate the sale, purchase, merger or demerger of any business by us, including assessing potential transfers and managing transitional arrangements. 

  • Other uses where you have provided your express consent.

Sharing and disclosure of Information 

Deputy may share or disclose personal information to various third parties. These third parties are likely to include: 

  • Your and our representatives. 

  • Technology and media partners (e.g. telecommunication service providers) that perform services for us or connect with the Services (e.g. third-party applications, data storage services). 

  • Social media platforms (e.g. where you interact with our account or link your account to us or the Services). 

  • Our lawyers, accountants and professional advisors. 

  • Other third-party service providers, such as third-party branding service providers.

  • Our related companies. 

  • Law enforcement authorities and government agencies where we are required or permitted to do so by law, or as a result of a legal process. 

  • Any third party that your employer directs us to share or disclose your personal information to. 

Deputy operates in multiple countries and regions including Australia, New Zealand, USA, Canada, the United Kingdom and the EU. We may handle personal information, and transfer it to recipients, in these countries and other countries, including the Philippines.

Security of information 

Deputy uses industry-standard technical and organizational measures to secure the physical and electronic information we store. For more information about Deputy’s security measures that Deputy, please click here: https://www.deputy.com/au/security-features. 

Please note no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe.

Retention

Your personal information will be retained for only the period that is necessary according to the purpose it was originally collected for, or to fulfil the purpose outlined in this Privacy Policy, or to meet legislative or regulatory obligations, such as financial reporting requirements.

After it is determined that your personal information reaches the end of its retention period, we will either delete or anonymize your information or, if this is not possible then we will securely store your information and isolate it from any further use until deletion is possible.

Cookies

We also use “cookies” to collect information and improve our Services. A cookie is a small data file that we transfer to your device. We may use “persistent cookies” to save your registration ID and login password for future logins to the Service. Persistent cookies as used in this Deputy Privacy Policy means storage of the session identifier in cookies for purposes of associating the cookies with a logged-in user. Deputy’s login sessions and cookies expire in 24 hours by default, and the cookie is persistent for the designated session time only. We may use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor aggregate usage and web traffic routing on the Service. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Services.

Online Tracking

We may use internal and external analytic and product platforms to better understand usage patterns on our website so that we can improve the design and usability of our products. Some web browsers may transmit “do-not-track” signals to websites with which the browser communicates. Our website does not currently respond to these “do-not-track” signals.

Marketing

From time to time we may send you direct marketing communications regarding our Services. We may contact you by electronic messages (e.g. email), online (e.g. through our Service), by mail and by other means, unless you opt-out or we are subject to legal restrictions from doing so. You may opt-out of receiving electronic messages from us at any time by contacting us via the contact details at the bottom of this Privacy Policy or by using the opt-out mechanism included in our marketing messages.

Rights in relation to personal information

Subject to certain limitations and restrictions (e.g. depending on circumstances such as where you reside) you may have the right to exercise certain rights in relation to your personal information, including the following: 

  • The right of access to personal information we hold about you. 

  • The right to know what personal information we collect about you, and how it is used and shared. 

  • The right of rectification to update your personal information if it is inaccurate or incomplete.

  • The right to erasure/deletion (‘right to be forgotten’) of your personal information.

  • The right to object to our use and handling of your personal information.

  • The right to restrict our handling of your personal information. 

  • The right of data portability for transfer of your personal information to another party. 

  • The right to withdraw consent you have previously provided to our handling of personal information. 

Please note that in order to verify your request or the applicability of any of these rights to your circumstances, we may ask you for further information and to verify your identity before responding to such requests.

Where a request relating to any of the above rights has been made and information has been shared with third parties, Deputy will take all reasonable steps to notify third parties of the request.

If you have any questions about these privacy rights, or how to exercise them, please contact us using the contact details at the bottom of this Privacy Policy. We will confirm receipt of your request and provide information on how we intend to respond. Further, we will respond to your request in accordance with permitted or required timeframes set out in applicable laws.

In certain circumstances, for example, if we only hold your personal information because we are providing the Services to your employer organization, it may be more appropriate for you to exercise these rights against your employer organization rather against Deputy, in which case we will advise you to do so if you contact us in the first instance.

Complaints

We take your privacy concerns seriously. If you have a complaint regarding our handling of your personal information or concerning our privacy practices, you may file a complaint with us using the contact details set out at the bottom of this Privacy Policy. We will confirm receipt of your complaint and, where appropriate, open an investigation into your complaint.

We may need to contact you to request further details of your complaint. If an investigation has been opened following a complaint made by you, then we will contact you with the result of that complaint as soon as possible. In the unlikely circumstances we are unable to resolve your complaint to your satisfaction, you have the right to lodge a complaint with the relevant privacy data protection authority in your jurisdiction. For reference, we set out below the identify of some of the relevant authorities:

  • If you reside in the EU and you are unsure of who is the data protection authority is in your country, please refer to this link: https://edpb.europa.eu/about-edpb/board/members_en

  • If you reside in Australia, your data protection authority is the Office of the Australian Information Commissioner (OAIC): https://www.oaic.gov.au/

  • If you reside in the United Kingdom, your data protection authority is the Information Commissioner’s Office (ICO): https://ico.org.uk/

  • If you reside in the United States, data protection regulations are developing, and privacy is handled on a state-by-state basis – in these instances, refer to your state’s Attorney General’s website. The US Department of Commerce also has a dedicated contact to liaison with EU data protection authorities in the event of enquiries or referrals: https://www.privacyshield.gov/article?id=DPA-Liaison-at-Department-of-Commerce

Additional information for EU/United Kingdom residents

Basis for handling personal information

Where we process your personal information as a processor on behalf of your employer organization, your employer organization is responsible for ensuring that there is a legal basis under the GDPR for us processing your personal information on their behalf.

Where we process your personal information as a controller, we need to ensure that there is a legal basis under the GDPR to justify our processing of your personal information. There are a number of different ways that we are lawfully able to process your personal information. We have set these out below.

Where processing your personal information is necessary for us to carry out our obligations arising from any contracts entered into between you and us

  • If you enter into a contract with us directly in relation to any element of the Services, we may process certain personal information about you in order to perform our obligations under this contract.

Where processing your personal information is within our legitimate interests

  • We may process your personal information for the purposes of our legitimate interests, for example, in order to: enforce the terms of our website, analyse log data/user statistics to improve the Services for all users, communicate with you about your access to the Services and/or our website, ensure the Services and our website run smoothly and to respond to any of your questions, feedback, claims or disputes.

  • We do not think that any of our data processing activities prejudice individuals in any way. However, you do have the right to object to us processing your personal information on this basis. Please refer to the section titled “Rights in relation to personal information” for more details about exercising your rights.

Where you give us your consent to process your personal information

  • We will obtain your opt-in consent prior to sharing your personal information with third-party applications and carrying out certain marketing activities. 

  • As and when we introduce these particular processing activities, we will provide you with more information so that you can decide whether you want to opt-in. 

You have the right to withdraw your consent to these activities. Please refer to the section titled “Rights in relation to personal information” for more details about exercising your rights.

Where processing your personal information is necessary for our compliance with a legal obligation

  • In certain circumstances, we may disclose your personal information for the purposes of compliance with a legal obligation (for example, to comply with a law, regulation or compulsory legal request).

International transfers

If you are based within the UK/EU we will only process and/or transfer data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with the GDPR and the means of transfer provides adequate safeguards in relation to your personal information, including for example:

  • By way of a data transfer agreement with your employer organization, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal information by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or

  • By way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal information by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or

  • By transferring your personal information to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; or

  • Where it is necessary for the conclusion or performance of a contract between Deputy and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your personal information to a benefits provider based outside the EEA); orWhere you have consented to the data transfer.

Additional information for California residents

In the past 12 months, we have collected and disclosed (but not sold) personal information in the following categories (from the CCPA): identifiers; customer records; characteristics of protected classifications under California or federal law (e.g. race, religion, sexual orientation, gender, age); commercial information; biometric information; internet/electronic network activity information; geolocation data; audio, electronic, visual, thermal, olfactory or similar information; professional or employment-related information; education information; inferences drawn to create a profile.

You have the right not to be discriminated against for exercising your privacy rights under the CCPA.

Privacy Policy changes

Deputy may change this Privacy Policy at any time. Deputy will post any such changes online. If the changes are material, we may provide a more prominent notice or by sending you a separate electronic notice. If you disagree with any changes to this privacy policy, you will need to stop using the Services and deactivate your account.

Contact Us

If Deputy is providing the Services to your employer and/or you are not party to the Subscription Terms (and your employer is) then your employer will be able to help you with your privacy-related questions and requests. Please note that Deputy is not responsible for the privacy or security practices of an employer organization, which may be different than the practices described in this privacy policy. 

If you otherwise have questions about this Privacy Policy, concerns about how your information is handled, or if you wish to exercise your legal rights, please email us at privacy@deputy.com. California residents may alternatively call us on 1-888-532-4785. The company responsible for our compliance with this Privacy Policy is Deputec Pty Ltd ACN 133 632 327 of 4/1-3 Smail St, Ultimo, NSW 2007 Australia and our EU Representative is Deputy EMEA Limited of Herschel House, 58 Herschel Street, Slough, Berkshire, United Kingdom, SL1 1PG.

European Representative
Pursuant to Article 27 of the GDPR, Deputy has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters relating to the GDPR:

  1. by using EDPO’s online request form; or

  2. by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.