# RateRight Pty Ltd Privacy Policy

**Effective Date:** [To be updated upon final approval]  
**Last Updated:** [To be updated upon final approval]  
**Version:** 1.0

## 1. Introduction

RateRight Pty Ltd ("RateRight," "we," "us," or "our") is committed to protecting the privacy and security of your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal information as a construction worker marketplace platform.

This policy applies to all workers, contractors, clients, and other users of our platform and services. By using our services, you acknowledge that you have read and understood this Privacy Policy.

## 2. Definitions

**Personal Information** means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether recorded in a material form or not.

**Sensitive Information** includes information about an individual's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information, biometric information, or biometric templates.

**TFN Information** means information that relates to an individual's tax file number, including the TFN itself and any other information that relates to that number.

## 3. About RateRight

RateRight is an Australian construction worker marketplace that connects construction workers with contractors and employers. We operate as an intermediary platform facilitating employment connections within the construction industry.

**Company Details:**
- Company Name: RateRight Pty Ltd
- ABN: [To be inserted]
- Address: [To be inserted]
- Email: privacy@rateright.com.au
- Phone: [To be inserted]

## 4. Types of Personal Information We Collect

We collect and hold various types of personal information, including:

### 4.1 Worker Information
- Full name and contact details (address, phone, email)
- Date of birth
- Employment history and qualifications
- Licenses, certifications, and trade qualifications
- ABN (Australian Business Number)
- Tax File Number (TFN)
- Bank account details for payment processing
- Superannuation fund details
- Insurance information
- Work rights and visa status
- Police checks and background screening results
- Health and safety training records
- Profile photos and biometric information (if required for identification)
- Location data and availability
- Performance ratings and reviews

### 4.2 Contractor/Employer Information
- Company name and business details
- Contact person details
- ABN and business registration information
- Insurance details
- Payment information
- Job posting and project details
- Feedback and ratings

### 4.3 Platform Usage Information
- Login credentials
- IP address and device information
- Cookies and usage analytics
- Communication records
- Transaction history

## 5. How We Collect Personal Information

We collect personal information through various means:

### 5.1 Direct Collection
- When you register for an account
- When you complete your profile
- When you submit applications or documents
- When you communicate with us
- When you use our platform services

### 5.2 Indirect Collection
- From third-party verification services
- From referees and previous employers
- From government agencies (for license verification)
- From publicly available sources
- Through cookies and tracking technologies

### 5.3 Collection of TFN Information
We only collect TFN information when:
- You voluntarily provide it for tax reporting purposes
- It is required by law for employment or payment processing
- You have given explicit consent for its collection

We will never collect TFN information unless it is reasonably necessary for our functions or activities as an employment marketplace platform.

## 6. Purposes for Collecting Personal Information

We collect, hold, use, and disclose personal information for the following purposes:

### 6.1 Primary Purposes
- To facilitate employment connections between workers and contractors
- To verify identity and qualifications
- To process payments and manage financial transactions
- To comply with taxation and employment law requirements
- To provide customer support and platform services
- To maintain platform security and prevent fraud

### 6.2 Secondary Purposes
- To improve our services and platform functionality
- To conduct market research and analysis
- To communicate with users about platform updates
- To enforce our terms and conditions
- For insurance and risk management purposes

### 6.3 Marketing Purposes
We may use personal information for direct marketing purposes only:
- With your consent
- Where it is impracticable to obtain consent and we provide a simple opt-out mechanism
- Where you would reasonably expect us to use the information for marketing

You can opt out of direct marketing communications at any time by:
- Clicking the unsubscribe link in our communications
- Contacting us at privacy@rateright.com.au
- Updating your account preferences

## 7. Disclosure of Personal Information

We may disclose personal information to:

### 7.1 Workers to Contractors/Employers
With your explicit consent, we may disclose your personal information to potential employers, including:
- Name and contact details
- Qualifications and work experience
- Licenses and certifications
- Availability and location
- References and performance ratings
- TFN information (only when required for employment)

### 7.2 Service Providers
We engage third-party service providers to assist with:
- Payment processing
- Identity verification
- Background checks
- Data storage and hosting
- Customer support
- Marketing and communications

### 7.3 Legal and Regulatory Authorities
We may disclose personal information when:
- Required by law or court order
- Necessary to comply with taxation obligations
- Requested by law enforcement agencies
- Required for workplace health and safety matters

### 7.4 Overseas Recipients
We do not ordinarily disclose personal information to overseas recipients. If we need to disclose information overseas, we will:
- Obtain your explicit consent
- Take reasonable steps to ensure the recipient complies with APPs
- Specify the countries where recipients are likely to be located

## 8. TFN Information - Special Provisions

### 8.1 Collection of TFN Information
We only collect TFN information when:
- It is reasonably necessary for our functions or activities
- You have provided explicit consent
- It is required or authorised by Australian law

### 8.2 Use and Disclosure of TFN Information
TFN information will only be used or disclosed:
- For taxation purposes as required by law
- With your explicit consent
- When required by taxation legislation
- To facilitate proper tax reporting to the ATO

### 8.3 Storage and Security of TFN Information
We implement additional security measures for TFN information:
- Encryption at rest and in transit
- Access controls and audit logging
- Secure disposal when no longer required
- Segregation from other personal information where possible

### 8.4 TFN Recipient Obligations
As a TFN recipient, we comply with the Privacy (Tax File Number) Rule 2015, which requires us to:
- Only collect TFN information when authorised by law
- Not use TFN information as a primary identifier
- Implement appropriate security measures
- Not disclose TFN information except as permitted by law
- Destroy or de-identify TFN information when no longer required

## 9. Data Security

We implement comprehensive security measures to protect your personal information:

### 9.1 Technical Security Measures
- Encryption of data in transit and at rest using industry-standard protocols
- Multi-factor authentication for platform access
- Regular security audits and penetration testing
- Secure development practices
- Network security controls and monitoring

### 9.2 Organisational Security Measures
- Access controls based on role and need-to-know principles
- Staff training on privacy and security obligations
- Confidentiality agreements with employees and contractors
- Incident response procedures
- Regular backups and disaster recovery planning

### 9.3 Physical Security Measures
- Secure facilities for data storage
- Access controls to physical premises
- Secure disposal of physical records
- Environmental controls to protect equipment

## 10. Data Retention and Deletion

### 10.1 Retention Periods
We retain personal information for the following periods:
- **Worker profiles:** 7 years after last activity (for tax purposes)
- **Transaction records:** 7 years (as required by taxation law)
- **Employment records:** 7 years after employment ends
- **TFN information:** Only while required for tax purposes
- **Marketing consents:** Until withdrawn or 3 years after last interaction

### 10.2 Deletion and De-identification
When personal information is no longer required, we will:
- Permanently delete electronic records
- Destroy or de-identify physical records
- Remove information from backup systems within a reasonable timeframe
- Maintain audit logs of deletion activities

### 10.3 Exceptions to Deletion
We may retain information longer if:
- Required by law or court order
- Necessary for legal proceedings
- Required for insurance or risk management purposes

## 11. Notifiable Data Breaches Scheme

### 11.1 Data Breach Response
We have established procedures for responding to data breaches that may include:
- Immediate containment and assessment
- Notification to affected individuals within 72 hours when serious harm is likely
- Notification to the Office of the Australian Information Commissioner (OAIC)
- Implementation of remedial measures

### 11.2 Eligible Data Breaches
An eligible data breach occurs when:
- Personal information is lost or subjected to unauthorized access or disclosure
- The breach is likely to result in serious harm to affected individuals
- We have been unable to prevent the likely risk of serious harm

### 11.3 Notification Requirements
When an eligible data breach occurs, we will:
- Prepare a statement including details of the breach and recommended steps
- Notify affected individuals using clear and plain language
- Provide the statement to the OAIC
- Take reasonable steps to publicize the notification if direct notification is not practicable

## 12. Your Rights and Choices

### 12.1 Access Rights
You have the right to:
- Request access to your personal information
- Request correction of inaccurate or incomplete information
- Request the source of your information

### 12.2 Making Requests
To exercise your rights:
- Contact us at privacy@rateright.com.au
- Provide sufficient information to verify your identity
- Specify the information you wish to access or correct
- Allow 30 days for us to respond (or a reasonable period for complex requests)

### 12.3 Refusal of Access
We may refuse access in certain circumstances, including where:
- Access would pose a serious threat to safety
- Access would unreasonably impact another's privacy
- Access would be unlawful
- Access would prejudice legal proceedings

### 12.4 Complaints
If you are not satisfied with our response to your privacy concerns:
- You may make a complaint to us at privacy@rateright.com.au
- We will investigate and respond within 30 days
- If you remain unsatisfied, you may complain to the OAIC

## 13. Cookies and Tracking Technologies

### 13.1 Types of Cookies
We use various cookies including:
- Essential cookies for platform functionality
- Analytics cookies to improve our services
- Preference cookies to remember your settings
- Marketing cookies (only with consent)

### 13.2 Managing Cookies
You can:
- Accept or reject cookies through our cookie banner
- Modify browser settings to control cookies
- Opt out of non-essential cookies at any time

### 13.3 Third-Party Analytics
We use analytics services that may collect information about your use of our platform across devices and sessions.

## 14. Third-Party Links and Services

Our platform may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We recommend reviewing their privacy policies before providing personal information.

## 15. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

## 16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:
- We will update the "Last Updated" date
- We will notify users of significant changes
- We may seek your consent for material changes
- Previous versions will be available upon request

## 17. Contact Information

For privacy-related inquiries:

**Privacy Officer:** RateRight Pty Ltd  
**Email:** privacy@rateright.com.au  
**Phone:** [To be inserted]  
**Address:** [To be inserted]  

## 18. Complaints

If you believe we have breached this Privacy Policy or the Australian Privacy Principles:

1. Contact us first using the details above
2. We will acknowledge your complaint within 7 days
3. We will investigate and respond within 30 days
4. If you are not satisfied with our response, you may contact:
   
   **Office of the Australian Information Commissioner**  
   Phone: 1300 363 992  
   Email: enquiries@oaic.gov.au  
   Website: www.oaic.gov.au

---

**Acknowledgment:** By using RateRight's services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.

**Consent for Worker Information Sharing:** I consent to RateRight sharing my personal information, including but not limited to my name, contact details, qualifications, licenses, certifications, and work history, with potential contractors and employers for the purpose of securing employment opportunities. I understand that my TFN will only be shared when required for employment purposes and with my explicit consent for each instance.

*This Privacy Policy is reviewed annually and updated as required to ensure compliance with Australian privacy laws.*