Privacy Policy | FlareHQ - Workforce Management Platform

1. Introduction

FlareHQ Pty Ltd ABN 65 690 452 110 (FlareHQ, we, us, or our) is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in connection with our workforce management platform and related services.

This Privacy Policy applies to all users of our Services, including our workforce management platform, rostering applications, recruitment management systems, task and checklist management tools, point-of-sale (POS) integrations, and related mobile and web applications (collectively, the Platform or Services).

We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). This Privacy Policy sets out how we comply with our obligations under the Privacy Act.

2. Definitions

In this Privacy Policy:

Business Customer means a business entity (such as a retail store, hospitality venue, or franchise operator) that subscribes to our Services to manage their workforce.

Employee User means an individual whose employment information is managed through our Platform by a Business Customer, including staff members, casual workers, and contractors.

Job Applicant means an individual who applies for employment opportunities through our recruitment management features.

Administrator means an authorised representative of a Business Customer who manages the Platform on behalf of their organisation, including managers, HR personnel, and account administrators.

Personal Information has the meaning given to it in the Privacy Act and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable.

3. Types of Personal Information We Collect

The types of personal information we collect depend on how you interact with our Services and your role within the Platform.

3.1 Business Customers and Administrators

We may collect the following information from Business Customers and their Administrators:

Business name, ABN/ACN, and trading names
Contact details including name, email address, telephone number, and business address
Billing and payment information (processed securely through third-party payment providers)
Account credentials and authentication information
Business operational data including store locations, trading hours, and organisational structure
Integration credentials for connected third-party services (such as POS systems, accounting software, and payroll providers)

3.2 Employee Users

Through our workforce management Services, Business Customers may input or we may collect the following information about Employee Users:

Full name, date of birth, and contact details (email, phone number, address)
Employment details including employee ID, job title, department, employment type (full-time, part-time, casual), and start date
Award classification and pay rate information in accordance with the Fair Work Act 2009 and applicable Modern Awards
Rostering and availability information, including shift schedules, leave requests, and time and attendance records
Task completion data, checklist records, and performance metrics
Tax file number (TFN) and superannuation details (where provided for payroll purposes)
Bank account details for wage payments
Emergency contact information
Qualifications, certifications, and compliance documentation (e.g., RSA, food handling certificates)
Profile photographs (where voluntarily provided or required by the employer)

3.3 Job Applicants

Through our recruitment management features, we may collect:

Name, contact details, and residential location
Resume/CV, cover letter, and work history
Qualifications, skills, and certifications
Work availability preferences and preferred locations
Right to work documentation
Referee details and reference check outcomes
Interview notes, assessments, and recruitment pipeline status

3.4 Technical and Usage Data

We automatically collect certain technical information when you use our Services:

Device information (device type, operating system, unique device identifiers)
Browser type and version
IP address and approximate geographic location
Usage patterns, feature interactions, and session data
Error logs and performance data
Cookies and similar tracking technologies (see Section 11)

4. How We Collect Personal Information

We collect personal information through various means:

Directly from you: When you register for an account, use our Platform, submit forms, contact us, or communicate with our support team.
From Business Customers: Employee User information is typically provided to us by Business Customers as part of their workforce management activities.
From integrated third-party services: Including point-of-sale systems (such as Square, Lightspeed, and similar providers), accounting software (such as Xero, MYOB, and QuickBooks), and payroll systems.
Automatically: Through cookies, analytics tools, and server logs when you interact with our Services.
From publicly available sources: Such as business registries or professional networking platforms, where relevant to our business relationships.

5. Purpose of Collection and Use

We collect, hold, use, and disclose personal information for the following purposes:

5.1 Service Delivery

Providing and maintaining our workforce management Platform
Enabling rostering, time and attendance tracking, and leave management
Facilitating recruitment processes and candidate management
Supporting task and checklist management for operational compliance
Processing integrations with POS systems and accounting software
Generating reports, analytics, and insights for Business Customers

5.2 Employment Compliance

Assisting Business Customers with compliance obligations under the Fair Work Act 2009
Calculating pay rates in accordance with applicable Modern Awards, including penalty rates, overtime, and allowances
Maintaining records as required by employment laws and regulations
Supporting superannuation and tax reporting obligations

5.3 Communication

Sending service-related notifications (e.g., roster updates, shift reminders, task assignments)
Responding to enquiries and providing customer support
Communicating important updates about our Services
Marketing communications (with consent, where required)

5.4 Business Operations

Billing, invoicing, and payment processing
Internal record keeping and administration
Improving and developing our Services
Analytics, research, and business planning

5.5 Legal and Compliance

Complying with legal obligations and responding to lawful requests
Protecting our rights and interests, including enforcing our terms of service
Resolving disputes and preventing fraud or misuse

6. Disclosure of Personal Information

We may disclose personal information to the following categories of recipients:

6.1 Service Providers

We engage third-party service providers who assist us in delivering our Services, including:

Cloud hosting and data storage providers
Payment processing providers
Email and communication service providers
Analytics and monitoring services
Customer support and helpdesk systems

6.2 Integrated Third-Party Platforms

At the direction of Business Customers, we may share information with:

Point-of-sale (POS) systems for sales and labour cost analysis
Accounting software (e.g., Xero, MYOB, QuickBooks) for payroll and financial reporting
Payroll providers for wage processing
Other workforce or HR management systems as configured by the Business Customer

6.3 Other Disclosures

We may also disclose personal information to:

Our employees, contractors, and related entities
Professional advisors (lawyers, accountants, auditors)
Regulatory authorities, courts, and tribunals as required by law
Potential acquirers or investors in connection with a sale, merger, or acquisition of our business
Any other party with your consent

7. Overseas Disclosure

We may disclose personal information to recipients located outside Australia, including cloud service providers and data processors. Countries may include the United States, European Union member states, and other jurisdictions where our service providers operate.

Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles the information in accordance with the APPs, including through contractual arrangements requiring appropriate data protection measures.

By providing personal information to us, you acknowledge that we may disclose your information to overseas recipients. While we take reasonable steps to ensure overseas recipients comply with Australian privacy standards, you acknowledge that overseas recipients may not be subject to the Privacy Act.

8. Our Role as Data Processor

In many cases, FlareHQ acts as a data processor on behalf of Business Customers, who remain the data controller for Employee User information. Business Customers determine the purposes for which Employee User data is collected and used, and we process this data in accordance with their instructions and our service agreements.

Employee Users should direct privacy enquiries regarding their employment information to their employer (the relevant Business Customer) in the first instance. Business Customers are responsible for ensuring they have appropriate legal bases and consents for the personal information they input into our Platform.

9. Sensitive Information

Sensitive information is a subset of personal information that is given a higher level of protection under the Privacy Act. Sensitive information includes information about racial or ethnic origin, political opinions, religious beliefs, trade union membership, sexual orientation, health information, and biometric data.

We do not generally collect sensitive information. However, certain sensitive information may be collected where:

You have provided explicit consent
Collection is required or authorised by law (e.g., health information for workers' compensation purposes)
It is necessary to prevent or lessen a serious threat to health or safety

Where sensitive information is collected, we will only use and disclose it for the purpose for which it was collected, unless you consent to other uses or disclosure is required by law.

10. Data Security

We are committed to protecting personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. We implement a range of security measures, including:

Encryption of data in transit (TLS/SSL) and at rest
Secure authentication mechanisms, including multi-factor authentication options
Role-based access controls limiting data access to authorised personnel
Regular security assessments and vulnerability testing
Secure cloud infrastructure with reputable providers
Employee training on data protection and security practices
Incident response procedures for potential data breaches

While we take reasonable steps to protect personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, and any transmission of information is at your own risk.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience of our Services, analyse usage patterns, and deliver relevant content. Cookies are small text files stored on your device that help us recognise you and remember your preferences.

We use the following types of cookies:

Essential cookies: Required for the operation of our Platform (e.g., authentication, security)
Functional cookies: Enable enhanced functionality and personalisation
Analytics cookies: Help us understand how users interact with our Services (e.g., Google Analytics)
Marketing cookies: Used to deliver relevant advertisements and track campaign effectiveness

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our Services.

For information on how Google uses data collected through Google Analytics, please visit: www.google.com/policies/privacy/partners/

12. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Our retention periods are determined by:

The duration of our relationship with Business Customers
Legal obligations to retain employment and financial records (generally 7 years under Australian law)
Potential legal claims or disputes
Legitimate business needs

When personal information is no longer needed, we will take reasonable steps to destroy or de-identify it.

13. Your Rights and Choices

13.1 Access

You have the right to request access to the personal information we hold about you. We will respond to access requests within a reasonable timeframe. In some circumstances, we may not be able to provide access, such as where doing so would unreasonably impact the privacy of others.

13.2 Correction

If you believe any personal information we hold about you is inaccurate, incomplete, or out of date, please contact us. We will take reasonable steps to correct the information.

13.3 Deletion

You may request deletion of your personal information. Please note that we may not be able to delete information where we are required to retain it for legal or compliance purposes.

To request deletion:

Employee Users: Please contact your employer (the Business Customer) who can request deletion on your behalf or direct you appropriately.
Business Customers: Please contact us using the details below.

13.4 Marketing Opt-Out

You can opt out of receiving marketing communications from us at any time by clicking the unsubscribe link in our emails or contacting us directly. Please note that you may continue to receive transactional and service-related communications.

13.5 Complaints

If you have a complaint about how we have handled your personal information, please contact us using the details below. We will investigate your complaint and respond within a reasonable timeframe.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

14. Third-Party Links

Our Services may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a new "Last Updated" date. For significant changes, we may also provide additional notice, such as email notification to Business Customers.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact our Privacy Officer:

FlareHQ Pty Ltd

ABN: 65 690 452 110

Email: info@flarehq.co

Address: Rialto, West Podium, Ground Floor/525 Collins St, Melbourne VIC 3000

Website: flarehq.co