Last updated on May 16, 2022
Deputec Pty Ltd and its related companies including Deputy Corporation and Deputy EMEA Limited (“Deputy”, “we”, “us”) value and respect the privacy of individuals and are committed to ensuring compliance with data protection legislation where applicable to Deputy, including the European General Data Protection Regulation (Regulation (EU) 2016/679) and its UK equivalent (the “GDPR”), Australia’s Privacy Act 1988 (Cth) and the California Consumer Privacy Act 2018 (the “CCPA”).
Deputy’s Services are mostly intended for use by employer organizations. The party to the Subscription Terms will control its instance of the Services and be responsible for the personal information it discloses to Deputy.
Please note that if Deputy is providing the Services to your employer organization, we use your personal information to allow you to access and use the Services for and on behalf of your employer organization. This makes us a “processor” for the purposes of the GDPR. However, there will be circumstances under which we use your personal information for purposes that are not for and on behalf of your employer organization, for example, if you use the Services or contact us outside of the context of your relationship with your employer organization. Under these circumstances, we may be a “controller” for the purposes of the GDPR. This distinction between whether we act as processor or controller has a number of implications from a GDPR perspective. Please refer to the section titled ‘Additional information for EU/United Kingdom residents’ below for more information that will only apply to you if you are an EU/United Kingdom resident.
If you are a California resident, there is also a section titled ‘Additional information for California residents’ below.
Personal information collected by Deputy
Deputy collects several different types of personal information, including the following:
|Type of information|What it includes|
|---|---|
|Profile information|personal information that is provided by you when you sign up and use our Services; name, signature, account and profile information including contact details (such as an email address, postal address or phone number), date of birth, gender (including gender neutrality) and profile photo.|
|Financial information|transaction history, credit card details and other billing information; financial details including bank account information if your instance of the Services involves Deputy’s Employee Onboarding feature.|
|Employment information|information about your employer(s), term of employment, your remuneration, and position or job function; shift information, including the time and date of shifts worked and scheduled.|
|Sensitive information|health information if your instance of the Services is configured for Deputy to request health information from you and you subsequently provide that information; biometric information if your instance of the Services has a “kiosk” (often an iPad device) installed and facial or voice recognition features are enabled.|
|Geolocation information|if you clock in and/or clock out of your shift on a phone or mobile device.|
|Usage and activity information|information on how the Service is accessed and used, as well as usernames and passwords; records of your communications and interactions with us.|
|Device information|information about your device (e.g. desktop, laptop, phone, tablet) used to access the Services such as connection type and settings, operating system, browser type, IP address, time zone settings, the time spent on webpages, unique device identifiers and other diagnostic data; cookies (and related online tracking technologies) to deliver enhanced functionality and better understand your interaction and usage.|
|Your content|content submitted to Deputy’s websites, or when you participate in any interactive features; information you create and submit to us or enter into the Services (including through Deputy’s Newsfeed service).|
|Your preferences, interests, and opinions|your preferences in receiving marketing communications from us; your feedback and opinions about us and the Services.|
|Support information|information provided by you to our support teams providing assistance to you in relation to our Services including: contact information, written and oral summaries of the issue, documents, images & recordings.|
Certain aspects of your personal information, for example profile information, are required for many Services and if you fail to supply such information as requested for any specific Service, we may be unable to provide you with the Services in full and your enjoyment of such Services may be more limited.
How Deputy collects personal information
We may collect personal information about you when:
you provide it to us directly – e.g. by submitting a form, contacting us or entering it in using the Services
we receive it from another party or source – e.g. your employer organization, our related companies, public information and the parties described under ‘Sharing and disclosure of personal information’ below
we collect it automatically – e.g. via cookies and log data relating to use of the Services.
We may combine personal information with information we collect through other means, and create new information from reviews, investigations and analysis.
Purposes of information collected
Information is collected, stored, used and disclosed by Deputy for purposes including the following:
To provide and deliver the Services to you and our customers (e.g. your employer) and to administer, assess, maintain and improve the performance of the Services.
To allow you to access and use the Services (including authentication).
To personalize and optimize your experience when using the Services and to ensure the Service is relevant to you, your device, and to deliver targeted content based on your information, location and preferences.
To provide you with assistance and support in relation to your use of the Services and to process and respond to a request or complaint that you may have.
To research and develop the Services for the purposes of improving the Services, and to allow you to participate in surveys or interactive features of our Service when you choose to do so.
To communicate with you about the Services and deliver promotional materials, special offers and general information about the Services which are similar to those you already use or enquired about unless you have opted not to receive such information.
To protect the safety and security of the Services including detecting and responding to security incidents and other malicious or unlawful activity, and to detect, prevent and address technical issues.
To protect Deputy’s legitimate business interests including for fulfilling and exercising our obligations and rights including in circumstances where we are required to comply with regulatory orders and audit processes, and for exercising or defending legal claims.
To generate de-identified statistical data to uncover collective insights about the use of our Service (and not to specifically analyze personal characteristics).
To verify your identity and to detect fraud and potential fraud, including fraudulent payments and fraudulent use of the Service.
In connection with business transfers to facilitate the sale, purchase, merger or demerger of any business by us, including assessing potential transfers and managing transitional arrangements.
Other uses where you have provided your express consent.
Sharing and disclosure of Information
Deputy may share or disclose personal information to various third parties. These third parties are likely to include:
Your and our representatives.
Technology and media partners (e.g. telecommunication service providers) that perform services for us or connect with the Services (e.g. third-party applications, data storage services).
Social media platforms (e.g. where you interact with our account or link your account to us or the Services).
Our lawyers, accountants and professional advisors.
Other third-party service providers, such as third-party branding service providers.
Our related companies.
Law enforcement authorities and government agencies where we are required or permitted to do so by law, or as a result of a legal process.
Any third party that your employer directs us to share or disclose your personal information to.
Deputy operates in multiple countries and regions including Australia, New Zealand, USA, Canada, the United Kingdom and the EU. We may handle personal information, and transfer it to recipients, in these countries and other countries, including the Philippines.
Security of information
Deputy uses industry-standard technical and organizational measures to secure the physical and electronic information we store. For more information about Deputy’s security measures, please click here: https://www.deputy.com/au/security-features.
Please note no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe.
After it is determined that your personal information reaches the end of its retention period, we will either delete or anonymize your information or, if this is not possible then we will securely store your information and isolate it from any further use until deletion is possible.
We may use internal and external analytic and product platforms to better understand usage patterns on our website so that we can improve the design and usability of our products. Some web browsers may transmit “do-not-track” signals to websites with which the browser communicates. Our website does not currently respond to these “do-not-track” signals.
Rights in relation to personal information
Subject to certain limitations and restrictions (e.g. depending on circumstances such as where you reside) you may have the right to exercise certain rights in relation to your personal information, including the following:
The right of access to personal information we hold about you.
The right to know what personal information we collect about you, and how it is used and shared.
The right of rectification to update your personal information if it is inaccurate or incomplete.
The right to erasure/deletion (‘right to be forgotten’) of your personal information.
The right to object to our use and handling of your personal information.
The right to restrict our handling of your personal information.
The right of data portability for transfer of your personal information to another party.
The right to withdraw consent you have previously provided to our handling of personal information.
Please note that in order to verify your request or the applicability of any of these rights to your circumstances, we may ask you for further information and to verify your identity before responding to such requests.
Where a request relating to any of the above rights has been made and information has been shared with third parties, Deputy will take all reasonable steps to notify third parties of the request.
In certain circumstances, for example, if we only hold your personal information because we are providing the Services to your employer organization, it may be more appropriate for you to exercise these rights against your employer organization rather than against Deputy, in which case we will advise you to do so if you contact us in the first instance.
We may need to contact you to request further details of your complaint. If an investigation has been opened following a complaint made by you, then we will contact you with the result of that complaint as soon as possible. In the unlikely circumstances we are unable to resolve your complaint to your satisfaction, you have the right to lodge a complaint with the relevant privacy data protection authority in your jurisdiction. For reference, we set out below the identity of some of the relevant authorities:
If you reside in the EU and you are unsure of who the data protection authority is in your country, please refer to this link: https://edpb.europa.eu/about-edpb/board/members_en
If you reside in Australia, your data protection authority is the Office of the Australian Information Commissioner (OAIC): https://www.oaic.gov.au/
If you reside in the United Kingdom, your data protection authority is the Information Commissioner’s Office (ICO): https://ico.org.uk/
If you reside in the United States, data protection regulations are developing, and privacy is handled on a state-by-state basis – in these instances, refer to your state’s Attorney General’s website. The US Department of Commerce also has a dedicated contact to liaise with EU data protection authorities in the event of enquiries or referrals: https://www.privacyshield.gov/article?id=DPA-Liaison-at-Department-of-Commerce
Additional information for EU/United Kingdom residents
Basis for handling personal information
Where we process your personal information as a processor on behalf of your employer organization, your employer organization is responsible for ensuring that there is a legal basis under the GDPR for us processing your personal information on their behalf.
Where we process your personal information as a controller, we need to ensure that there is a legal basis under the GDPR to justify our processing of your personal information. There are a number of different ways that we are lawfully able to process your personal information. We have set these out below.
Where processing your personal information is necessary for us to carry out our obligations arising from any contracts entered into between you and us
If you enter into a contract with us directly in relation to any element of the Services, we may process certain personal information about you in order to perform our obligations under this contract.
Where processing your personal information is within our legitimate interests
We may process your personal information for the purposes of our legitimate interests, for example, in order to: enforce the terms of our website, analyse log data/user statistics to improve the Services for all users, communicate with you about your access to the Services and/or our website, ensure the Services and our website run smoothly and to respond to any of your questions, feedback, claims or disputes.
We do not think that any of our data processing activities prejudice individuals in any way. However, you do have the right to object to us processing your personal information on this basis. Please refer to the section titled “Rights in relation to personal information” for more details about exercising your rights.
Where you give us your consent to process your personal information
We will obtain your opt-in consent prior to sharing your personal information with third-party applications and carrying out certain marketing activities.
As and when we introduce these particular processing activities, we will provide you with more information so that you can decide whether you want to opt-in.
You have the right to withdraw your consent to these activities. Please refer to the section titled “Rights in relation to personal information” for more details about exercising your rights.
Where processing your personal information is necessary for our compliance with a legal obligation
In certain circumstances, we may disclose your personal information for the purposes of compliance with a legal obligation (for example, to comply with a law, regulation or compulsory legal request).
If you are based within the UK/EU we will only process and/or transfer data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with the GDPR and the means of transfer provides adequate safeguards in relation to your personal information, including for example:
By way of a data transfer agreement with your employer organization, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal information by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or
By way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal information by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or
By transferring your personal information to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; or
Where it is necessary for the conclusion or performance of a contract between Deputy and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your personal information to a benefits provider based outside the EEA); or
Where you have consented to the data transfer.
Additional information for California residents
In the past 12 months, we have collected and disclosed (but not sold) personal information in the following categories (from the CCPA): identifiers; customer records; characteristics of protected classifications under California or federal law (e.g. race, religion, sexual orientation, gender, age); commercial information; biometric information; internet/electronic network activity information; geolocation data; audio, electronic, visual, thermal, olfactory or similar information; professional or employment-related information; education information; inferences drawn to create a profile.
You have the right not to be discriminated against for exercising your privacy rights under the CCPA.
Pursuant to Article 27 of the GDPR, Deputy has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters relating to the GDPR:
by using EDPO’s online request form; or
by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.