Privacy Policy

1.1 About This Policy

This Privacy Policy explains how Teamified Pty Ltd ("Teamified," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use our platform and products, including Alexia, HRIS, ATS, Team Connect, and Jobseeker Portal (collectively, the "Platform").

We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1.2 Scope

This Policy applies to:

• -Customers who subscribe to and use the Platform
• -Users who access the Platform under a Customer's account
• -Employees whose information is managed through our HRIS
• -Candidates who apply for jobs through our ATS and Jobseeker Portal
• -Visitors to our websites
• -Anyone who contacts us or interacts with our services

1.3 Our Role

Depending on the context, Teamified acts as:

• -Data Controller/APP Entity: For information we collect directly (account registration, website visitors, marketing)
• -Data Processor/Service Provider: For information our Customers input into the Platform (employee data in HRIS, candidate data in ATS)

When we process information on behalf of Customers, those Customers are responsible for their own privacy obligations to their employees, candidates, and other data subjects.

1.4 Definitions

"Personal Information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.

"Sensitive Information" means personal information about racial or ethnic origin, political opinions, religious beliefs, trade union membership, sexual orientation, criminal record, health information, genetic information, or biometric data.

"Customer" means an organisation or individual that subscribes to the Platform.

"User" means any individual who accesses the Platform under a Customer's account.

"Employee Data" means personal information about a Customer's employees processed through the HRIS.

"Candidate Data" means personal information about job applicants processed through the ATS or Jobseeker Portal.

2.1 Information You Provide Directly

2.2 Information Collected Through Platform Use

2.3 Information Collected Automatically

2.4 Information from Third-Party Sources

3.1 Providing and Operating the Platform

We use personal information to:

• -Create and manage your account
• -Provide access to Platform features and products
• -Process AI queries and generate insights
• -Enable integrations with third-party services
• -Process payments and manage subscriptions
• -Provide customer support and respond to enquiries

3.2 AI-Powered Features

We use information to power AI features, including:

• -Analysing documents and generating summaries
• -Providing business intelligence and insights
• -Generating recommendations and suggestions
• -Powering conversational AI assistants
• -Automating workflows and tasks
• -Transcribing and analysing voice interactions

Important: We do not use your Customer Data to train our general AI models. See Section 7 for details.

3.3 HRIS Functions

For HRIS users, we process Employee Data to:

• -Maintain employee records and profiles
• -Manage leave requests and balances
• -Support performance management processes
• -Track training and development
• -Generate HR reports and analytics
• -Support compliance and audit requirements
• -Enable employee self-service functions

3.4 ATS and Recruitment Functions

For ATS users, we process Candidate Data to:

• -Receive and manage job applications
• -Screen and shortlist candidates
• -Schedule interviews and assessments
• -Facilitate communication with candidates
• -Generate recruitment analytics
• -Support hiring decisions (with human oversight)
• -Manage offer and onboarding processes

3.5 Communication and Collaboration

For Team Connect users, we process information to:

• -Enable messaging and communication
• -Facilitate video and audio conferencing
• -Support file sharing and collaboration
• -Provide search and discovery features
• -Generate activity feeds and notifications

3.6 Improving and Developing the Platform

We use information to:

• -Analyse usage patterns and trends (in aggregate)
• -Identify and fix bugs and issues
• -Develop new features and products
• -Improve AI model performance (using anonymised data only)
• -Conduct research and analysis

3.7 Security and Compliance

We use information to:

• -Detect and prevent fraud, abuse, and security threats
• -Monitor for Terms of Service violations
• -Verify identity and prevent unauthorised access
• -Comply with legal obligations
• -Respond to legal requests and enforce our rights

3.8 Marketing and Communications

With your consent or where permitted by law, we use information to:

• -Send product updates and announcements
• -Share educational content and best practices
• -Inform you of new features and services
• -Conduct surveys and gather feedback

You can opt out of marketing communications at any time.

4.1 Under Australian Privacy Law

We collect and use personal information where:

• -It is reasonably necessary for our functions or activities
• -You have consented to the collection
• -It is required or authorised by law
• -It is necessary to prevent a serious threat to life, health, or safety

4.2 For Sensitive Information

We only collect Sensitive Information where:

• -You have provided explicit consent
• -It is required or authorised by law
• -It is necessary to prevent a serious threat to life, health, or safety
• -It relates to legal proceedings or legal advice
• -It is necessary for establishing, exercising, or defending legal claims

4.3 Customer Responsibilities

When Customers input Employee Data or Candidate Data into the Platform, they are responsible for:

• -Having a lawful basis to collect and share that information with us
• -Providing appropriate privacy notices to data subjects
• -Obtaining necessary consents where required
• -Complying with applicable employment and privacy laws

5.1 We Do Not Sell Personal Information

We do not sell, rent, or trade personal information to third parties for their marketing purposes.

5.2 Sharing with Service Providers

We share information with trusted service providers who assist us in operating the Platform, including:

All service providers are bound by contractual obligations to protect personal information and use it only for specified purposes.

5.3 Sharing with Integrations

When you connect third-party integrations, we share information as necessary to enable the integration. You control which integrations are connected and can disconnect them at any time.

5.4 Sharing Within Customer Organisations

Within a Customer's organisation:

• -Administrators can access User information and activity
• -Managers may access reports on their team members (in HRIS)
• -Recruiters can access Candidate Data (in ATS)
• -Users can see other Users' profiles and shared content (in Team Connect)

Customers control access permissions within their organisation.

5.5 Legal and Compliance Disclosures

We may disclose information where:

• -Required by law, regulation, or legal process
• -Necessary to protect our rights, property, or safety
• -Necessary to protect the rights, property, or safety of others
• -Requested by law enforcement or government authorities
• -Necessary to detect, prevent, or address fraud or security issues

Where permitted, we will notify you of such requests.

5.6 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, personal information may be transferred to the acquiring entity. We will provide notice before personal information becomes subject to a different privacy policy.

5.7 Aggregated and Anonymised Data

We may share aggregated, anonymised data that cannot reasonably identify individuals for:

• -Industry benchmarking and research
• -Product development and improvement
• -Marketing and promotional purposes

6.1 Security Measures

We implement comprehensive security measures to protect personal information:

6.2 Employee Security

• -Background checks for employees with data access
• -Security awareness training
• -Confidentiality agreements
• -Access limited to job requirements

6.3 Incident Response

In the event of a data breach:

• -We will investigate and contain the incident promptly
• -We will notify affected Customers without undue delay
• -We will notify relevant authorities as required by law (including the OAIC for eligible data breaches)
• -We will take steps to mitigate harm and prevent recurrence

6.4 Your Security Responsibilities

You are responsible for:

• -Maintaining the security of your account credentials
• -Using strong, unique passwords
• -Enabling multi-factor authentication
• -Reporting suspected security incidents promptly
• -Ensuring appropriate access controls within your organisation

7.1 How AI Features Work

Our AI features analyse your data to provide insights, generate content, and automate tasks. This includes:

• -Processing documents you upload
• -Analysing conversation history to provide context
• -Generating reports and recommendations
• -Providing intelligent search and discovery
• -Automating routine tasks

7.2 No Training on Customer Data

We do not use your Customer Data to train our general AI models.

• -Your data is used only to provide services to you
• -AI outputs are generated in real-time based on your queries
• -Your data is not combined with other customers' data for training
• -You retain ownership of your data and AI outputs

7.3 AI Model Providers

We use third-party AI model providers (such as OpenAI and Anthropic) to power certain features. When we send data to these providers:

• -Data is transmitted securely using encryption
• -We have data processing agreements in place
• -Providers are contractually prohibited from using your data for training
• -Data is processed only to generate responses to your queries

7.4 Aggregated Improvements

We may use aggregated, anonymised insights to improve our AI features, such as:

• -Understanding common query patterns
• -Improving response accuracy
• -Developing new features

This aggregated data cannot identify you or your organisation.

7.5 AI Accuracy and Limitations

AI-generated outputs may contain errors or inaccuracies. You should:

• -Review AI outputs before relying on them
• -Not use AI outputs as professional advice
• -Maintain human oversight of AI-assisted decisions
• -Verify important information independently

7.6 Voice and Audio Processing

When you use voice features:

• -Audio is processed to generate transcripts and responses
• -Transcripts may be retained to provide conversation history
• -You can delete conversation history through your account settings
• -Voice data is not used to train general AI models

8.1 Retention Principles

We retain personal information only for as long as necessary to:

• -Provide the Platform and fulfil our contractual obligations
• -Comply with legal and regulatory requirements
• -Resolve disputes and enforce our agreements
• -Maintain business records for legitimate purposes

8.2 Retention Periods by Data Type

8.3 Customer-Controlled Retention

Customers can configure retention settings for certain data types:

• -HRIS: Retention of former employee records
• -ATS: Retention of unsuccessful candidate data
• -Team Connect: Message retention policies

8.4 Deletion Upon Request

• -You can request deletion of your personal information at any time
• -Customers can request deletion of Customer Data
• -We will delete or anonymise data within 30 days of a valid request
• -Some data may be retained where required by law or for legitimate business purposes

8.5 Post-Termination

Upon account termination:

• -Customer Data is available for export for 90 days
• -After 90 days, Customer Data is deleted or anonymised
• -Aggregated analytics may be retained indefinitely
• -Legal and compliance records are retained as required

9.1 Location of Data

• -Primary data storage is in Australia (Sydney region)
• -Some processing occurs in other jurisdictions where our service providers operate

9.2 Countries Where Data May Be Processed

Data may be processed in:

• -Australia (primary)
• -United States (cloud infrastructure, AI providers)
• -European Union (certain service providers)
• -Other countries where subprocessors operate

9.3 Safeguards for International Transfers

When transferring data internationally, we ensure appropriate safeguards:

• -Standard contractual clauses with service providers
• -Data processing agreements with privacy obligations
• -Selection of providers with strong security practices
• -Compliance with Australian Privacy Principles

9.4 Subprocessor List

A list of our subprocessors and their locations is available upon request. We notify Customers of material changes to subprocessors.

10.1 Cookies We Use

10.2 Cookies We Do Not Use

• -Third-party advertising cookies
• -Cross-site tracking cookies
• -Social media tracking pixels (except where explicitly enabled)

10.3 Managing Cookies

You can manage cookies through:

• -Your browser settings
• -Our cookie preference centre (where available)
• -Opting out of analytics (contact us)

Note that disabling essential cookies may affect Platform functionality.

10.4 Do Not Track

We respect Do Not Track (DNT) browser signals. When DNT is enabled, we limit data collection to essential purposes only.

11.1 Rights Under Australian Privacy Law

You have the right to:

11.2 Additional Rights We Provide

We also provide the following rights:

11.3 Exercising Your Rights

To exercise your rights:

• -Self-service: Access, correct, and delete certain information through your account settings
• -Email: Contact us at privacy@teamified.com.au
• -Mail: Write to our Privacy Officer (address below)

We will respond to requests within 30 days. We may need to verify your identity before processing requests.

11.4 Rights for Employee and Candidate Data

If your personal information is in the Platform as Employee Data (HRIS) or Candidate Data (ATS):

• -Your employer or the recruiting organisation is the data controller
• -Direct your requests to them in the first instance
• -We will assist Customers in responding to data subject requests
• -You may also contact us directly, and we will coordinate with the relevant Customer

11.5 Complaints

If you are not satisfied with our response, you can lodge a complaint with:

12.1 Alexia (AI Platform)

Data collected: Queries, documents, conversation history, voice recordings

Special considerations:

• -AI interactions are processed to generate responses
• -Conversation history is retained to provide context
• -You can delete conversation history at any time
• -Voice data is transcribed and may be retained
• -AI outputs are generated based on your inputs and connected data

12.2 HRIS (Human Resources)

Data collected: Comprehensive employee information (see Section 2.2(b))

Special considerations:

• -Customers are responsible for lawful collection of Employee Data
• -Sensitive Information (health, diversity) requires explicit consent
• -Employees should be provided with privacy notices by their employer
• -Access is controlled by Customer-defined permissions
• -Former employee data retention is Customer-controlled

Employee rights: Employees can access and correct their information through the employee self-service portal or by contacting their employer.

12.3 ATS (Applicant Tracking System)

Data collected: Candidate applications, resumes, assessments, interview data

Special considerations:

• -Customers are responsible for recruitment privacy compliance
• -Candidate consent should be obtained at application
• -AI-assisted screening is subject to human oversight requirements
• -Unsuccessful candidate data retention is Customer-controlled
• -Candidates can withdraw applications and request deletion

Candidate rights: Candidates can manage their information through the Jobseeker Portal or by contacting the recruiting organisation.

12.4 Jobseeker Portal

Data collected: Profile, applications, job search activity

Special considerations:

• -Candidates create accounts directly with us
• -Profile information is shared with employers when you apply
• -You control your profile visibility and application submissions
• -You can delete your account and data at any time

Your controls:

• -Edit or delete your profile
• -Withdraw applications
• -Manage communication preferences
• -Download your data
• -Delete your account

12.5 Team Connect

Data collected: Messages, files, meeting recordings, presence data

Special considerations:

• -Messages are visible to other participants
• -Administrators may have access to messages for compliance purposes
• -Meeting recordings require participant consent
• -Message retention is subject to Customer policies
• -Deleted messages may be retained in backups for a limited period

14.1 Types of Communications

We may send you:

• -Transactional: Account notifications, security alerts, service updates (cannot opt out)
• -Product: Feature announcements, tips, best practices (can opt out)
• -Marketing: Promotional content, events, offers (can opt out, requires consent)

14.2 Your Choices

You can manage communication preferences:

• -Through your account settings
• -By clicking "unsubscribe" in emails
• -By contacting us at privacy@teamified.com.au

14.3 No Third-Party Marketing

We do not share your information with third parties for their marketing purposes.

15.1 Updates

We may update this Privacy Policy from time to time to reflect:

• -Changes to our practices or products
• -Legal or regulatory requirements
• -Feedback from users

15.2 Notification

• -We will post updated policies on our website
• -We will update the "Last updated" date
• -For material changes, we will notify you via email or through the Platform
• -We will provide at least 30 days' notice for material changes

15.3 Acceptance

Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy. If you do not agree, you should stop using the Platform.

15.4 Previous Versions

Previous versions of this policy are available upon request.

17.1 European Union / United Kingdom

If you are located in the EU or UK, additional rights under GDPR may apply:

• -Right to data portability
• -Right to erasure ("right to be forgotten")
• -Right to restrict processing
• -Right to object to automated decision-making
• -Right to lodge a complaint with a supervisory authority

For EU/UK data subjects, our legal bases for processing include:

• -Contract performance
• -Legitimate interests
• -Legal obligations
• -Consent (where applicable)

17.2 California, USA

If you are a California resident, you may have additional rights under CCPA/CPRA:

• -Right to know what personal information is collected
• -Right to delete personal information
• -Right to opt out of sale (we do not sell personal information)
• -Right to non-discrimination

17.3 New Zealand

If you are located in New Zealand, this policy is intended to comply with the Privacy Act 2020 (NZ) and the Information Privacy Principles.