Eftsure Privacy Policy and Confidentiality Statement

1. This Privacy Policy

(a) This is the Privacy Policy of Eftsure, a business that provides electronic payment verification services. This Privacy Policy sets out how we collect and manage your personal information and business confidential information when providing services to you or your affiliates, when you or your affiliates otherwise engage with us or where we collect your personal information where you are a user of any Eftsure service or a current or future payee of any of our customers or their affiliates. In this Privacy Policy, unless the contrary intention appears, references to “we”, “us”, “our” or “Eftsure” means each of the following entities: Eftsure Pty Limited (ABN 21 168 403 736) (Eftsure AU), Eftsure New Zealand Pty Limited (company number 8495986), Eftsure, USA Inc. (EIN 99-0939957) (Eftsure US), Vector HoldCo Pty Ltd (ABN 72 655 693 566), Vector BidCo Pty Limited (ABN 19 655 693 717) and Eftsure e-invoicing Pty Limited (ABN 77 669 461 974).

(b) Eftsure provides two main services, set out below:

(i) the Eftsure ”Know Your Payee” (KYP) service, which is further described in the Eftsure KYP Service Addendum, made available at the following URLs: https://eftsure.com/en-au/terms-of-service/ (if you are customer contracting with Eftsure AU) or https://eftsure.com/terms-of-service/ (if you are a customer contracting with Eftsure US) ;

(ii) the EftsureID service, which is further described in the EftsureID Service Addendum, made available at the following URLs: https://eftsure.com/en-au/terms-of-service/ (if you are customer contracting with Eftsure AU) or https://eftsure.com/terms-of-service/ (if you are a customer contracting with Eftsure US); and

(iii) the Eftsure API Service, which is further described in the Eftsure KYP Service Addendum, made available at the following URLs: https://eftsure.com/en-au/terms-of-service/ (if you are customer contracting with Eftsure AU) or https://eftsure.com/terms-of-service/ (if you are a customer contracting with Eftsure US).

(c) We may update our services from time to time. Further information about our services is available on our website or in your agreement with us.

(d)We may update this Privacy Policy from time to time. The most current version will be located on our website.

2. Personal information and business confidential information

(a) Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information or opinion is true and whether or not the information or opinion is recorded in a material form. Therefore, not all information that we collect about you will be considered personal information.

(b) While information that we collect, use and store in Eftsure’s databases may not be personal information in every case, it may be business confidential information. Our data management processes and systems are designed for privacy, confidentiality and information security, by default and by design.  We manage business confidential information that is stored in the Eftsure’s databases by applying the same privacy, confidentiality and information security standards as we apply to our management of your personal information.

(c) Where we collect, use, hold or disclose personal information, we will do so in accordance with this Privacy Policy and will comply with all applicable privacy laws which may include (as the case may be): the Australian Privacy Act 1988 (Cth), the Privacy Act 2020 (NZ) and any mandatory privacy-related codes applicable to us in Australia or New Zealand.

3. Types of personal information that we collect and hold

The types of personal information that we collect and hold about you will depend on which services you or your customers use, and how you otherwise interact with us.

(a) Use of our services generally. In providing the Eftsure KYP, EftsureID and API services, we may collect the following information about our customers and their respective payees:

(i) names of individuals;

(ii) job title;

(iii) business names;

(iv) Australian Business Number (ABN), Australian Company Number (ACN), New Zealand Business numbers (NZBN), GST registration status and any other equivalent information in jurisdictions other than Australia (including international standard payment details, such as SWIFT or IBAN bank identifier details);

(v) contact information including mobile numbers;

(vi) business addresses;

(vii) email addresses;

(viii) payment amounts;

(ix) full legal account name, bank account number, BSB, routing numbers and any other equivalent information in jurisdictions other than Australia;

(x) other business and payee information, as provided by customers to us for verification purposes;

(xi) whether or not the above information has been verified by Eftsure or by any of our customers or their affiliates; and

(xii) information contained in documents that are uploaded by a payee into Eftsure’s document library.

(b) Use of the EftsureID service. In addition to the types of information listed in paragraph 3(a) above, in providing the EftsureID service, we may collect the following additional information about our customers and their respective payees:

(i) copies of customer invoices uploaded to the EftsureID service;

(ii) EftsureIDs; and

(iii) device App IDs.

(c) Use of our websites. We use tracking code (‘cookies’, pixels or other technology), collect device identifiers and log information to track access to, and use of, our website. We may also collect names, email addresses, phone numbers and other personal information when you complete any forms on our website, or request to join our mailing list. Please see section 4 for further information about cookies.

(d) Use of social media operated by us. We may collect the following information: your name, job title, email address and business name.

(e) When applying for a job with us. If you apply for a job with us, we collect personal information such as your name, contact number, address and email address. We may also collect sensitive information, such as health information or your criminal history, if this is relevant.

(f) When attending an Eftsure event or meeting. We may collect personal information such as your name, contact number, address and email address when attending, or planning on attending, an Eftsure event or meeting.

4. Cookies and other tracking technologies

(a) We use tracking code (being ‘cookies’, pixels or other technology) and collect device identifiers to track access to, and use of, our website. We use tracking code to provide a better user experience for our website users and to improve our internet site. We do not use tracking code to identify a specific person using a browser or device.

(b) We may also receive tracking code data, device identifiers, log information and other information, from advertising serving services or advertising networks which relates to your use of third-party websites. We use this tracking code to provide a better user experience for the users of our website and to improve our website.

(c) Our website uses technologies of third-party partners to help us recognise your browser device and understand how you use our website so that we can improve our services and to serve you advertisements about products and services that are likely to be of interest to you. These partners collect information about your activity on our websites to enable us to:

(i) measure and analyse traffic and browsing activity on our websites;

(ii) show advertisements for our products and services to you on third party websites; and

(iii) measure and analyse the performance of our advertising campaigns.

(d) We may share certain data with our advertising partners. Such data includes partially redacted/hashed emails or other online identifiers collected on our website. This allows our partners to recognise and deliver advertisements to you across your devices and browsers.

(e) If you do not wish to use cookies or other tracking technologies, you can amend the settings on your internet browser so it will not automatically download cookies, noting that:

(i) if you remove or block cookies on your computer, please be aware that your user experience and our website’s functionality may be affected; and

(ii) our partners may use non-cookie technologies that cannot be blocked by adjusting your browser settings. Where this is relevant, you may wish to use a third-party tool to prevent the collection and use of information for the purpose of serving you interest-based advertising. For further information, please see: Digital Advertising Alliance: YourAdChoices and Network Advertising Initiative: Consumer Opt-Out.

5. How we collect and hold your personal information

(a) We collect personal information in a number of ways:

(I) where reasonable and practicable, we will collect any personal information directly from you or your affiliates or users;

(ii) through use of the Eftsure KYP service – if you are the payee of an Eftsure customer, we may collect personal information about you from the relevant Eftsure customer or our service providers (who assist us to provide verification services).

Please note that it would not be reasonable or practicable for Eftsure to collect all personal information about our customers’ payees directly from those payees in all cases, which is why we may collect some personal information about an Eftsure customer payee from the relevant Eftsure customer or our service providers.

It is the responsibility of each Eftsure customer to ensure that it has the appropriate consents in place to disclose any personal information about its payees to Eftsure. If you are a payee of an Eftsure customer and you would like to understand how that Eftsure customer manages your personal information, you should contact the relevant Eftsure customer directly;

(iii) through use of the EftsureID service – we may collect personal information from prospective payers in connection with the EftsureID service, such as when a prospective payer downloads and sets up the EftsureID app, scans an Eftsure customer’s invoice using this app or our webpage, or manually enters EftsureID details into the app or our webpage;

(iv) we may collect personal information from our personnel (employees and contractors), from individuals who apply for a position with us, and from prospective customers who engage with us;

(v) we may collect personal information from other third parties. This may include our advertising partners (please see section 4 for further information), our third-party delivery partners (such as integration and referral partners), and our service providers (such as identity and fraud checking services, and credit reporting agencies); and

(vi) we may also collect personal information from publicly available sources such as the Australian Business Register and any other equivalent sources in jurisdictions other than Australia, and social media.

(b)Any personal information and business confidential information stored in the Eftsure’s databases that is collected by us is held securely using appropriate and up to date industry-recognised methods such as access control procedures, network firewalls, encryption, and physical security.

(c) Subject to any legal requirement, or ability to retain personal information pursuant to any contractual arrangement, we will destroy or de-identify your personal information when it is no longer needed for the purpose for which we collected it.

6. How we use your personal information

(a) How we use your personal information depends on which services you or your customers use, and how you otherwise interact with us. We have described the purposes for which we collect, hold, use and disclose your personal information, below:

(i) Provision of the Eftsure KYP Service and Eftsure API Service. We collect and hold the data of Eftsure customers, as well as Eftsure customer payee data, in Eftsure’s databases, which is encrypted. This information is used for verification purposes and ongoing vendor management for Eftsure customers. This may include: (A) verifying the data in an Eftsure customer’s vendor master file against data held in Eftsure’s databases to confirm whether the data aligns, and providing a report to the Eftsure customer; (B) verifying payee data by matching multiple requests made by multiple Eftsure customers; (C) contacting the payee to verify their details; (D) verifying payee data using third party service providers; (E) inviting a payee to register as a new payee on the Eftsure portal; (F) before an Eftsure customer makes a payment, verifying the Eftsure customer’s data against the data in Eftsure’s databases and providing a notification or alert to the Eftsure customer regarding whether that data aligns, the likelihood of a duplicate payment, or a payment being made that is outside of set parameters; (G) maintaining and updating payee details; and (H) providing help desk support or training.

We retain records of verified payee details and those that appear incorrect or are unverifiable so that this may be disclosed to you (if you are an Eftsure customer) and otherEftsure customers.  However, we do not disclose the names of any specific  Eftsure customers that pay to, or otherwise engage any specific payee to any other Eftsure customer or third party.  Information about the identify of any payee provided to Eftsure may be retained, used and disclosed by Eftsure to provide Eftsure services, for example as required by Eftsure to provide Eftsure’s verification services to Eftsure customers, including by cross verifying other Eftsure customer data against Eftsure’s databases against data provided to Eftsure by a customer.

(ii) Provision of the EftsureID service. We collect and hold the data of Eftsure customers, their invoices, as well as Eftsure customer payer data, in Eftsure’s databases, which is encrypted. This data is: (A) collected and used to verify that the data on an invoice received by a payer of an Eftsure customer aligns with the same data held in Eftsure’s databases; and (B) retained for troubleshooting, audit and support purposes.

(iii) Our service providers, referral partnersand authorised resellers.

(a) We may disclose personal information to our third party service providers (including, for example, our accounting, billing, risk management, and contract management software solution providers) for the purpose of acquiring goods and services to support and enhance our daily business and financial operations.

(b) We may disclose personal information to our referral partners, integration and implementation partners and authorised resellers for a wide range of purposes, including to market and promote our services to prospective customers, resell our services either as stand alone offerings or as integrated service offerings (which involves integrating Eftsure’s services with our customers’ third party enabled compatible technology including, any compatible accounting, billing or onboarding software tool e.g. ERPs or any middleware application).

(iv) Administration. We may use personal information for the purposes of managing customer enquiries, complaints, and to maintain and update our records.

(v) Marketing, customer relationship management (CRM), customer support, accounting and billing. We use information in our CRM systems to contact clients and prospective clients. Information in our CRM systems is also accessed and analysed in an application that pools data from our CRM systems and third-party sources (such as marketing mailing lists, commercially available personal, geographic and demographic information sources as well as publicly available information), and presents the merged information as graphs and charts for use within our operations. This information includes business names, names of individuals, business email addresses, business addresses, which financial institution an organisation uses, and which ERP systems an organisation uses. We also link our CRM systems to our accounting software, which enables us to manage customer billing, invoicing and receipts.

(vi) Product upgrades and new product developments: We may use personal information for the purpose of upgrading our existing products and services supplied to you and other Eftsure customers and developing new products and services to supply to you and Eftsure’s other customers.

(vii) Operating our website. When an individual visits our website, uses our systems or applications, we may collect personal information about that individual including via cookies and other technologies. We collect this information for marketing purposes and to improve our websites. Please see section 4 for further information about how your data is used, where that data is collected through your use of our websites.

(viii) Security and fraud protection. We undertake a range of network, security and fraud protection activities including identifying and blocking possible malicious actors, code or content. We may also use personal information to determine whether an individual might be impacted and take action to block the malicious activity or notify the individual so that the individual can take protective action.

(ix) Communication. We communicate with individuals in businesses and other organisations that are clients or prospective clients. We may communicate with you for the purposes of providing or selling our services to you, setting up an account with us, filling out a form, or answering your queries. We may do this via phone, email, SMS, social media, web forms, search engines and web pages you visit. Where these communications are considered marketing, we will comply with relevant laws.

(x) Business meetings. We may collect, use and store your personal information if you attend any online meetings with us, and we may like to record such meetings. If we do, we will give the attendees prior notice, and will comply with all applicable laws. We will use the recording of any online meetings for our own internal business purposes only.

(xi) Job applicants. We will use any personal information that we collect from a job applicant solely for the purpose of assessing whether you meet the requirements of the relevant role, to fulfil any legal obligations and, if relevant, any pre-employment screening.

(xii) To fulfill our legal obligations. We may disclose your personal information to law enforcement authorities or government agencies where required to do so, or authorised, under applicable laws.

(b) Where we hold personal information that was collected for a particular purpose (the primary purpose), we will not use or disclose that personal information for another purpose (the secondary purpose) unless: (A) the relevant individual has consented to the use or disclosure; (B) the relevant individual would reasonably expect us to use or disclose the personal information for the secondary purpose and the secondary purpose relates to the primary purpose; or (C) the use or disclosure is otherwise required or permitted by relevant laws.

Eftsure may use and disclose personal information for the following secondary purposes: (A) data analytics and other statistical analysis related to verifications and trends in fraud; (B) preparation of reports using aggregated data; (C) maintaining an audit trail of verifications undertaken and the outcome of those verification enquiries; (D) maintaining business records as required by applicable law; (E) assisting our customers, financial institutions or law enforcement agencies with the investigation of any suspected fraud or other serious wrongdoing; and (F) as otherwise authorised or required by law (including privacy laws).

7. Access to, and correction of, personal information

(a) We will take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, up to date, complete and relevant. If you believe that any information held by us is incorrect, you may ask us to correct it.

(b) You may request access to personal information about you that is held by us using the contact details in section 11. Before we provide you with access to any personal information, we will require some proof of identity to ensure that you have the right to access such information. Subject to any permitted exception under relevant privacy laws, we will provide you with a copy of the relevant personal information.

(c) For most access requests, your personal information will be provided free of charge, however, we may charge a reasonable fee if responding to your request requires a substantial effort on our part. We will not charge you for simply making the request and will not charge you for making any corrections to your personal information.

8. Third party sites

(a) We use a third-party service provider located in the United States of America (USA) to assist us with some digital verification activities. Where we do, our website contains a link to our third-party service provider’s website, and is clearly labelled as such. Any use of this third-party service provider is subject to their terms of service, although the third-party service provider will comply with this Privacy Policy.  If you (being the payee of an Eftsure customer) do not consent to the third-party terms of service, you may choose another verification method.

(b) In addition to the third-party website outlined in paragraph 8(a), our websites may contain links to other websites that are operated by third parties. If you access a third party website through one of our websites, other than as outlined in paragraph 8(a), you may be bound by their terms of service and any personal information collected by that third party will be managed in accordance with their own privacy practices. We recommend that you read any terms of service and privacy policy to understand how your personal information will be managed by that third party. We are not responsible for the privacy practices of such third parties.

9. Cross-border disclosures

(a) We may collect, hold, process and transfer personal information outside the country in which you are located. Please note that information held in the Eftsure verified records database is held within: (i) Australia, if the relevant customer agreement is with Eftsure AU; and (ii) the USA, if the relevant customer agreement is with Eftsure US.

(b) For all other types of personal information, we may transfer such information within the Eftsure group of companies, which may result in a cross-border disclosure to an Eftsure entity located in Australia or the USA. We may also store this information outside the country in which you are located, likely in Australia or the USA.

(c) Some of our service providers are in countries other than the country in which you are located. Where the disclosure of personal information to a service provider results in a cross-border disclosure, those service providers are likely to be located in Philippines, South Africa, New Zealand, the USA or Australia.

This paragraph 9(c) only applies if there is a cross-border disclosure of personal information by Eftsure AU. Where we disclose or store personal information outside of Australia, we will take reasonable steps to ensure that the recipient maintains adequate data security and privacy practices in relation to the management of that personal information, in accordance with applicable privacy laws (including the Australian Privacy Principles (APPs) where applicable). Such reasonable measures may include entering into enforceable contractual arrangements with overseas recipients, to ensure that any personal information disclosed overseas remains adequately protected.

10. How to make a complaint

If you wish to make a complaint about how we manage your personal information, please send a written complaint using the contact details below. We will respond to complaints within a reasonable period (usually 30 days). If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner (OAIC). Please see the OAIC website for further information.

11. How to contact us

If you would like to access or update your personal information, have any questions about this Privacy Policy, or would like to make a compliant about how we manage your personal information, please contact us using the details below:

A: The Privacy Officer, Level 9/177 Pacific Highway, North Sydney NSW 2060

E: privacy@eftsure.com.au

T: 1300 985 976

Last updated 11 March 2025