PRIVACY POLICY

1. Introduction

When you use OORDY, you trust us with your personal data. We’re committed to keeping that trust. That starts with helping you understand our privacy practices.

This notice describes the personal data (“data”) we collect, how it’s used and shared, and your choices regarding this data.

2. Overview

A. Scope

This notice applies to users of OORDY’s apps and websites.

This notice describes how OORDY and its affiliates collect and use data. This notice applies to all OORDY users. This notice specifically applies to:

Riders: those who request or receive transportation and related services.
Drivers: those who provide transportation to Riders individually via their OORDY account or through partner transportation companies.
Guest users: those without a OORDY account who receive rides ordered by other OORDY account owners, including those who receive services arranged by friends, family members or other individual account owners, including gift card recipients.

This notice also governs OORDY’s other collections of data in connection with its services. For example, we may collect contact information of OORDY Workplaces customers or data of those who start but do not complete their applications to be drivers.

All those subject to this notice are referred to as “users” in this notice.

Our privacy practices are subject to applicable laws in the places in which we operate. This means that we engage in the practices described in this notice in a particular country or region only if permitted under the laws of those places.

Please contact OORDY regarding our compliance with the Australian Privacy Principles. Such contacts will be addressed by OORDY’s customer service and/or relevant privacy teams within a reasonable timeframe. You may also contact the Office of the Australian Information Commissioner here with concerns regarding such compliance.

3. Data collections and uses

A. The data we collect

OORDY collects data: provided by users to OORDY created during use of our services from other sources. Please see here for a summary of the data we collect and how we use it.

OORDY collects the following data from these sources:

1. Data provided by users. This includes:

Account information: We collect data when users create or update their OORDY accounts. This includes first and last name, email, phone number, year of birth, profile picture, payment or banking information (via our secure third-party payment system, Stripe).
For drivers, this also includes vehicle or insurance information, emergency contact information, and evidence of health or fitness to provide services using OORDY apps.
Background check information (drivers): This includes information submitted during the driver application process, such as driver history or criminal record (where permitted by law).
Identity verification documents and photos: This includes government issued identification such as driver’s licence and profile pictures.
Demographic data: We collect demographic data such as birth date/age, gender, as well as for marketing and advertising.
User content: We collect data (email and call recordings) when users contact OORDY customer support, provide ratings or feedback for users.

2. Data created during use of our services. This includes:

Location data (driver): We collect precise and approximate location data from drivers’ mobile devices when the OORDY app is running in the foreground
(app open and on-screen) or background (app open but not on-screen).
Location data (riders). We collect precise and/or approximate location information from riders’ and order recipients’ mobile devices if they enable us to do
so via their device settings.
OORDY collects such data from the time a ride is requested until it is finished, and any time the app is running in the foreground (app open and on-screen). Riders may use the OORDY apps without enabling collection of location data from their mobile devices. However, this may affect certain features in the OORDY apps. In addition, precise location data collected from a driver’s device during a trip is linked to the rider’s account, even if the rider has not enabled precise location data to be collected from their device. This data is used for purposes such as customer support, fraud detection, insurance, litigation and receipt/tax invoice generation.
Transaction information: We collect transaction information related to the use of our services, including the type of services requested or provided; trip details (such as date and time, requested pick-up and drop off addresses, distance travelled); and payment transaction information (such as amount charged, and payment method). We also associate a user’s name with that of anyone who uses their promotion code.
Usage data: We collect data about how users interact with our services. This includes access dates and times, app features or pages viewed, browser type, and app crashes and other system activity.
Device data: We collect data about the devices used to access our services, including the hardware models, device IP address or other unique device identifiers, operating systems and versions, software, preferred languages, advertising identifiers, device motion data, and mobile network data.
Communications data: We collect data regarding communications between users that are enabled through OORDY’s apps. This includes communication type (phone, text or in-app message), date/time, and content.

3. Data from other sources. These include:

users participating in our referral programs. For example, when a user refers another person, we receive the referred person’s data from that user.
OORDY account owners who request services for or on behalf of other users (such as friends or family members), or who enable other users to request or receive services through their business accounts (such as OORDY Workplaces customers).
users or others providing information in connection with claims or disputes.
OORDY business partners through which users create or access their OORDY account, such as payment providers, social media services, or apps or websites that use OORDY’s APIs or whose APIs OORDY uses.
OORDY business partners in connection with debit or credit cards issued by a financial institution in partnership with OORDY to the extent disclosed in the terms and conditions for the card.
service providers who help us verify users’ identity, background information, and eligibility to work, detect fraud, and screen users in connection with sanctions, anti-money laundering, or know-your-customer requirements.
insurance, vehicle, or financial services providers for.
partner transportation companies (for drivers who use our services through an account associated with such a company).
publicly available sources.
marketing partners and service providers, including banks in connection with cash back programs, and data resellers.
law enforcement officials, public health officials, and other government authorities.

B. How we use data

OORDY uses data to enable reliable and convenient transportation, delivery, and other products and services. We also use data:

to enhance the safety and security of our users and services
for customer support
for research and development to enable communications between users
for marketing and advertising to send non-marketing communications to users in connection with legal proceedings

Please see here for a summary of the data we collect and how we use it.

OORDY uses the data we collect:

1. To provide our services. OORDY uses data to provide, personalise, maintain, and improve our services. This includes using data to:

create/update accounts.
enable transportation and other services/features, such as:
- using location data to navigate rider pick-ups, calculate ETAs, and track the progress of rides.
- enabling features that involve data sharing, such as sharing driver first name and vehicle information with riders to facilitate pick-ups, or features that enable ETA sharing and fare splitting.
- matching available drivers to users requesting services, including based on personal data such as location and proximity to other users, and user settings / preferences (such as preferred destinations), and non-personal data such as vehicle type requested.
calculating prices and fares, including using location data (such as requested pick-up and drop off addresses). We may also consider non-personal data or factors, including
date and time, estimated distance and time, minimum base fares, tolls, taxes and fees.
provide users with trip updates, generate receipts, and inform them of changes to our terms, services, or policies.
perform necessary operations to maintain our services, including to troubleshoot software bugs and operational problems.

OORDY performs the above activities on the grounds that they are necessary to fulfil the terms of our agreements with users, are compatible with such uses, or are necessary for purposes of OORDY’s and its users’ legitimate interests.

2. Safety, fraud protection and security. We use data to help maintain the safety, security, and integrity of our services and users. This includes:

verifying users’ accounts, identity or compliance with safety requirements. For example, we review driver background checks (including criminal history where required or permitted by law) to verify their identities and eligibility to provide transportation.
using account, device, location, usage, transaction, wireless carrier, and other data, including communications between users and metadata, to prevent, detect, and combat fraud.
using reported incidents, user ratings*, and other feedback to encourage safe use of OORDY’s platform and compliance with our terms and as grounds for deactivating users with low ratings.
using driver data (such as past trip information and reported incident rates) and rider data (such as account information, cancellation and reported incident rates, current pick-up and drop-off location, past trip information, and ratings information) to assess safety risks.

OORDY performs the above activities on the grounds that they are necessary to fulfil the terms of our agreements with users, and/or for purposes of the legitimate safety and security interests of OORDY, our users and members of the general public.

3. Customer support. We use the information we collect (which may include call recordings) to provide customer support, including to investigate and address user concerns and to monitor and improve our customer support responses and processes.

OORDY performs the above activities on the grounds that they are necessary to fulfil the terms of our agreements with users or for purposes of OORDY’s legitimate interests in monitoring and improving its customer support services.

4. Research and development. We use data for analysis, product development, research, and testing. This helps us make our services more convenient and easy-to-use, enhance the safety and security of our services, and develop new services and features.

OORDY performs the above activities on the grounds that they are necessary for purposes of OORDY’s legitimate interests in improving and developing new services and features.

5. Enabling communications between users. For example, a driver may message or call a rider to confirm a pick-up location, a rider may call a driver to retrieve a lost item.

OORDY performs the above activities on the grounds that they are necessary to fulfil the terms of our agreements with users.

6. Marketing and Advertising. OORDY uses data to market its services, and those of OORDY partners.

We specifically use account, approximate location, device and usage data, and trip history to provide ads and marketing communications that are personalised based on users’ observed or inferred location, interests and characteristics (which may include inferred gender*). This includes using this data to:

send emails, text messages, push notifications, and in-app messages or other communications marketing or advertising OORDY products, services, features, offers, promotions, sweepstakes, news and events. For example, we may send push notifications or in-app messages offering discounts or promos.
display personalised advertising on third party apps or websites.
display third party advertising in OORDY’s apps or in connection with our services.

7. Non-marketing communications. OORDY may use data to send surveys and other communications that are not for the purpose of marketing the services or products of OORDY or its partners.

OORDY performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users, or for purposes of OORDY’s and its users’ legitimate interests in informing users about events that may have an impact on their use of OORDY’s services.

8. Legal proceedings and requirements. We use data to investigate or address claims or disputes relating to use of OORDY’s services, to satisfy requirements under applicable laws, regulations, operating licenses or agreements, insurance policies, or pursuant to legal process or governmental request, including from law enforcement.

OORDY performs the above activities on the grounds that they are necessary for purposes of OORDY’s legitimate interests in investigating and responding to claims and disputes relating to use of OORDY’s services and features, and/or necessary for compliance with applicable legal requirements.

C. Cookies and third-party technologies

OORDY and its partners use cookies and other identification technologies on our apps, websites, emails, and online ads for purposes described in this notice.

Cookies are small text files that are stored on browsers or devices by websites, apps, online media, and ads. OORDY uses cookies and similar technologies for purposes such as:

authenticating users
remembering user preferences and settings
determining the popularity of content
delivering and measuring the effectiveness of advertising campaigns
analysing site traffic and trends, and generally understanding the online behaviours and interests of people who interact with our services

We may also allow others to provide audience measurement and analytics services for us, to serve ads on our behalf across the internet or for other companies’ products and services on our apps, and to track and report on the performance of those ads. These entities may use cookies, web beacons, SDKs, and other technologies to identify the devices used by visitors to our websites, as well as when they visit other online sites and services.

D. Data sharing and disclosure

Some of OORDY’s services and features require that we share data with other users, or at users’ request or with their consent. We may also share such data with our affiliates, subsidiaries, and partners, for legal reasons or in connection with claims or disputes.

OORDY may share data:

1. With other users

This includes sharing:

riders’ first name, rating, phone and pickup and/or drop off locations with drivers.
for drivers, we may share data with the riders, including name, phone and photo; vehicle make, model, colour, licence plate, and vehicle photo; location (before and during trip); average rating provided by users; total number of trips; period of time since they signed up to be a driver; contact information; and driver profile, including compliments and
other feedback submitted by past users.
We also provide riders with receipts containing information such as a breakdown of amounts charged, driver first name, photo, and route map. We also include other information on those receipts if required by law.

2. At users’ request or with users’ consent

This includes sharing data with:

Other people at a user’s request. For example, we share a user’s ETA and location with a friend when requested by that user, or a user’s trip information when they split a fare with a friend.
OORDY business partners. For example, if a user requests a service through a partnership, OORDY may share certain data with those third parties. This may include, for example, other services, platforms, apps, or websites that integrate with our APIs; vehicle suppliers or services; those with an API or service with which we integrate; or other OORDY business partners and their users in connection with promotions, contests, or specialised services.
Emergency services. We offer features that enable users to share their data with police, fire, and ambulance services in the event of an emergency or after certain incidents
Insurance companies. If a user has reported or submits a claim to an insurance company relating to OORDY’s services, OORDY will share certain data with that insurance company for the purpose of adjusting or handling the user’s insurance claim.
General public. Questions or comments from users submitted through public forums such as OORDY social media pages may be viewable by the public, including any data included in the questions or comments submitted by a user.

3. With OORDY subsidiaries and affiliates

We share data with our subsidiaries, affiliates and government regulators to help us provide our services or conduct data processing on our behalf.

4. With OORDY service providers and business partners

These include the third parties, or categories of third parties, listed below. Where a third party is identified, please see their linked privacy notices for information regarding their collection and use of personal data.

payment processors and facilitators, our partner is Stripe.
background check, identity verification and risk solutions providers.
cloud storage providers.
customer support platform and service providers.
marketing partners and marketing platform providers, including social media advertising services, advertising networks, third-party data providers, and other service providers to reach or better understand our users and measure advertising effectiveness.
research partners, including those performing surveys or research projects in partnership with OORDY or on OORDY’s behalf.
service providers that assist OORDY to enhance the safety and security of OORDY apps and services.
service providers that provide us with artificial intelligence and machine learning tools and services.
accountants, consultants, lawyers, and other professional service providers.
insurance and financing partners.
insurance companies, in connection with insurance claims made or reported by a user relating to OORDY’s services, and for the purpose of adjusting or handling
the insurance claim.
airports.
third-party vehicle suppliers, including fleet and rental partners.

5. For legal reasons or in the event of a dispute

OORDY may share users’ data if we believe it’s required by applicable law, regulation, operating license or agreement, legal process or governmental request, insurance policy, or where the disclosure is otherwise appropriate due to safety or similar concerns.

This includes sharing data with law enforcement officials, public health officials, other government authorities, airports (if required by the airport authorities as a condition of operating on airport property), insurance companies, or other third parties as necessary to enforce our Terms & Conditions, user agreements, or other policies; to protect OORDY’s
rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our services. In the event of a dispute relating to use of another person’s debit/credit card, we may be required by law to share a user’s data, including trip information, with the owner of that card.

This also includes sharing data with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.

6. With consent

OORDY may share a user’s data other than as described in this notice if we notify the user and they consent to the sharing.

E. Data retention and deletion

OORDY retains user data for as long as necessary for the purposes described above. Users may request account deletion through the OORDY apps and websites.

OORDY retains user data for as long as necessary for the purposes described above, which varies depending on data type, the category of user to whom the data relates, the purposes for which we collected the data, and whether the data must be retained after an account deletion request for the purposes described below.

For example, we retain data:

for the life of users’ accounts if such data is necessary to provide our services. E.g., account data.
for 7 years if necessary to comply with tax requirements. E.g., drivers’ trip information.
for defined periods as necessary for purposes of safety or fraud prevention. E.g., we retain incomplete driver applications for 7 years, and rejected
driver applications for 7 years.

Users may request deletion of their account via email, message, telephone or through OORDY’s website (riders here).

Following an account deletion request, we delete the user’s account and data, except as necessary for purposes of safety, security, fraud prevention or compliance with legal requirements, or because of issues relating to the user’s account (such as an outstanding credit or an unresolved claim or dispute). For drivers, this generally means that we retain certain parts of their data for as long as necessary for actual or potential tax, litigation, or insurance claims.

For riders, we generally delete data within 30 days of an account deletion request, except where retention is necessary for the above reasons.

4. Choice and transparency

OORDY enables users to access and/or control data that OORDY collects, including through:

privacy settings
device permissions
in-app ratings pages
marketing and advertising choices

OORDY also enables users to request access to or copies of their data, make changes or updates to their accounts, request deletion of their accounts, or request that OORDY restrict its processing of user data.

1. Privacy settings

Riders can set or update their preferences regarding location data collection and sharing, emergency data sharing.

Location data collection (riders)
Riders can enable/disable OORDY’s collection of their mobile device location data through their device settings.

Share Live Location (riders)
Riders can enable/disable OORDY’s sharing of their mobile device real-time location data with their drivers) through their device settings.
Notifications: discounts and news
Users may enable OORDY to send push notifications about discounts and news from OORDY.

Third-party app access
Users may authorise third-party applications to access their OORDY account data to enable additional features.

2. Device permissions

Most mobile device platforms (iOS, Android, etc.) have defined certain types of device data that apps cannot access without the device owner’s permission, and these platforms have different methods for how that permission can be obtained. Users should check the available settings on their devices, or check with their provider.

3. In-app ratings pages

After every trip, drivers and riders are able to rate each other on a scale from 1 to 5. An average of those ratings is associated with a user’s account and is displayed to other users for whom they provide or receive services. For example, rider ratings are available to drivers from whom they request transportation, and driver ratings are available to their riders.

Riders can see their average rating in the main menu of the OORDY app.

Drivers can see their average rating after tapping their profile photo in the OORDY Driver app.

4. Marketing and advertising choices

OORDY provides users with the following choices regarding how their data is used for purposes of marketing and advertising:

Personalised marketing communications from OORDY: Users may unsubscribe OORDY products and services in compliance with the ACMA (The Australian Communications and Media Authority) and The Spam Act 2003.
Data Sharing and Tracking: Users may choose here whether OORDY may share their data with third parties, or collect data regarding their visits and actions on third-party apps or websites, for purposes of personalised ads.

5. User data requests

OORDY provides users with a variety of ways to learn about, control, and submit questions and comments about OORDY’s handling of their data. In addition to the methods indicated below, users may also submit data requests via our Privacy Inquiry Form. Data access and portability: Depending on where they are located, users may have the right to “access” their
data (meaning, to be informed of the data that OORDY has collected about them), and to “portability” of their data (meaning, to receive a copy of such data). Regardless of their location, OORDY provides several options for viewing and obtaining copies of the data OORDY has collected about them.

Users can access data including their profile data and trip or order history through the OORDY apps.

Objections, restrictions, and complaints: Users may request that we stop using all or some of their data, or that we limit our use of their data. This includes objecting to our use of data that is based on OORDY’s legitimate interests. OORDY may continue to process data after such objection or request to the extent required or permitted by law.

In addition, depending on their location, Users may have the right to file a complaint relating to OORDY’s handling of their data with the data protection authority ACMA.

5. Legal information

A. Data controllers and Data Protection Officer

OORDY Pty Ltd is controller of the data processed in connection with use of OORDY’s services, except where it is joint controller with other OORDY affiliates.

Users may submit requests to exercise their rights regarding their data by contacting us via email or via contact us page.

B. Legal Framework for Data Transfers

We comply with applicable legal frameworks relating to the transfer of data.

OORDY is committed to protecting our users’ personal data regardless of where they are located or where, or by who, their personal data is processed. This includes implementing measures to protect users’ data, including:

securing user data when in transit, including through encryption, and at rest.
mandating company-wide training regarding privacy and data security.
implementing internal policies and procedures to limit access to, and use of, users’ data.
limiting government and law enforcement access to user data, except where required by law, there are imminent threats to safety, or users’ have consented to
the access.

Please note the following:

Request from law enforcement: OORDY is required under applicable law to share user data, including that which may be subject to OORDY’s certification, pursuant to legal process or governmental request, including from law enforcement.

C. Updates to this Privacy Notice

We may occasionally update this notice.

We may occasionally update this policy. If we make significant changes, we will notify users in advance of the changes through the OORDY apps or through other means, such as email. We encourage users to periodically review this notice for the latest information on our privacy practices.

Use of our services after an update constitutes consent to the updated notice to the extent permitted by law.

Privacy statement

Purpose

This policy is designed to support OORDY’s compliance with Australian Privacy Principles (APP) as well as supporting consumer confidence and positive branding within the market.

Influence

Information Privacy Act 2009 (Qld)
Privacy Act 1988 (Cth)
Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)
Privacy Regulations 2013 (Cth)
Australian Privacy Principles
Office of the Australian Information Commissioner (www.oaic.gov.au)
Australian Psychological Society Code of Ethics Applications

Application

This policy sets out how we, OORDY (ABN 28 544 240 701) and all its related entities handle your personal information (i.e. information about you or serves to identify you).

1. Privacy Policy

Definitions:

“Driver”: a rideshare driver utilising the OORDY platform to access riders seeking transport

“Rider”: an individual seeking to utilise, or currently utilising, OORDY for rideshare transport
“Account”: an Account is created when an individual enters required details into the OORDY App, and agrees to the App Terms & Conditions, in order to take or complete trips

Introduction

Your privacy is important to us. We therefore manage personal information in accordance with the Information Privacy Act 2009 (Qld), Privacy Act 1988 and the Australian Privacy Principles (APP).

This policy applies to information collected by OORDY’s (ABN 28 544 240 701) and all its related entities.

We only collect information that is reasonably necessary for the proper performance of our activities or functions. We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.

We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.

This document outlines how we manage your personal information as an “APP entity” under the APP and provides the information flow associated with that information.

If you have any questions, please contact us.

Please note that this document contains some active hyperlinks to information on other websites. If you click these links, you will be taken away from our website. We do not warrant the accuracy of any information on an outside website.

APP Entity
OORDY (ABN 28 544 240 701) and all its related entities, hereby referred to as “OORDY”, “we”, “us” or “our” manages personal information, as an Entity, under the APP, an APP entity. Because we may provide services to a range of Commonwealth, State and Territory government agencies, it may sometimes become necessary for us to collect and manage personal information as an Agency under different privacy arrangements.

Information flow
When we collect your personal information, we:

Collect it when you create an Account through the OORDY Driver or Rider App (the OORDY App) and when you use the OORDY App to take or complete trips.

Ensure that it is current, complete, and accurate. This may involve cross-checking the information with third parties.

Record and hold this information in our customer database system (CDS).

May disclose some information to overseas recipients.

Retrieve your information when we need to use or disclose it for our functions or activities. At that time, we ensure it is current, complete, accurate, and relevant. This may involve cross-checking the information with third parties again, especially if some time has passed since the last check.

Allow you to access your personal information in accordance with APP 12, subject to the exceptions set out in APP 12.

Correct or attach associated statements to your personal information in accordance with APP 13.

Destroy or de-identify your personal information when it is no longer needed for any purpose for which it may be used or disclosed, provided that it is lawful for us to do so. In Australia, we do not destroy or de-identify information that is contained in a Commonwealth Record.

Kinds of Information We Collect and Hold

The personal information we collect and hold is reasonably necessary for the proper performance of our functions and activities as a rideshare operator. The specific information collected may differ depending on whether you are an OORDY Driver or Rider.

For Drivers
The type of information that we typically collect and hold includes:

Information necessary and reasonable to ensure and validate compliance with state and territory government requirements pertaining to rideshare drivers and operators, or to manage performance on rides obtained through us, including:

Personnel information such as contact details

Business information including ABN

Vehicle and licensing information

Information about conduct and performance

Information about your right to work in Australia and your clearance to work with children

Information obtained to assist in managing client and business relationships

For Riders
The type of information that we typically collect and hold includes:

Information necessary and reasonable to ensure OORDY’s functions and activities as a rideshare operator or to manage the sustained growth of OORDY through consumer analytics, including:

Personnel information such as personal details, contact details, date of birth, and postcode

Information about conduct

Information obtained to assist in managing client and business relationships

Purposes

The purposes for which we collect, hold, use, and disclose your personal information are likely to differ depending on whether you are an OORDY Driver or Rider.

Information that we collect, hold, use, and disclose about individuals is typically used for:

Rideshare operator functions and activities

Payment purposes

Statistical purposes

Statutory compliance requirements

Insurance purposes

Legal compliance in relation to some types of information

Risk management

Direct marketing policy
Your personal information may be used for marketing purposes. We provide Riders with an option to choose whether they wish to receive marketing communications or participate in marketing activities directly or via a third party:

All electronic marketing communications offer recipients a clear and accessible option to unsubscribe.

Additionally, you can contact our Privacy Officer to opt out of any marketing communications.

We comply with the requirements of anti-spam legislation.

Personal information may flow between us and third parties via electronic means.

How We Collect Your Personal Information

The means by which we collect your personal information may differ depending on whether you are an OORDY Driver or Rider. We may verify or collect information from third parties and publicly available sources when necessary for specific purposes, such as checking information you have provided or when you have consented to or would reasonably expect us to verify or collect your information in this way.

Sometimes, the technology used to support our communications may provide personal information to us – see the section on Electronic Transactions. Also, refer to the section on Photos and Images.

We collect personal information directly from you when you create an account through the OORDY App and in connection with that account. Personal information is also collected when:

We receive the results of any criminal checks or interactions with law enforcement or regulatory bodies.

We receive performance or conduct feedback(whether positive or negative).

We receive any complaint from or about you regarding your interaction with OORDY.

Additionally, personal information is collected directly from you electronically through our telecommunications and technology systems – see the section on Electronic Transactions. We may also collect personal information about you from publicly available sources, including State and Territory Authorities. When we collect personal information about you from
publicly available sources for inclusion in our records, we will manage the information in accordance with the Australian Privacy Principles (APP) and our Privacy Policy.

Photos and images
We will not request that you supply photographs, scan photo ID, or capture and retain video image data of you when simply sighting these documents would suffice. However, video surveillance operating in or near our premises may occasionally capture images of you. Additionally, please read the section about Electronic Transactions, as your communications with us may sometimes include profile images of yourself that you have uploaded to the Internet.

Electronic transactions
This section explains how we handle personal information collected from our website, the OORDY App, or other technology during electronic transactions. It is important to understand that there are risks associated with using the Internet, and you should take all appropriate steps to protect your personal information. For guidance, you may refer to the Office of the Australian Information Commissioner’s resources on internet communications and other technologies.

We sometimes collect personal information that individuals choose to give us via online forms or by email, such as when individuals:

Create an account to access the OORDY App

Make a written online inquiry or email us through our website or other social media channels. If you have concerns about making contact via the Internet, you can reach us by landline telephone or post.

Browsing
When an individual visits our website, our internet service providers record the visit and log the following information in server logs for statistical purposes:

The individual’s server address

The individual’s top-level domain name (e.g., .com, .gov, .org, .au, .co, .uk)

The pages accessed and documents downloaded

The previous site visited

The type of browser used and other information as specified in the provider’s terms and conditions

OORDY does not identify users or their browsing activities except in the event of an investigation where a law enforcement agency may exercise a warrant to inspect the internet service provider’s server logs. We do not accept responsibility for the privacy policies of any other sites linked to our site. It is advisable to review the privacy policies of other sites
before disclosing personal information. Our website also contains links to external websites; clicking these links will take you away from our site. We do not warrant the accuracy of any information on external websites.

Cookies
Cookies are uniquely numbered identification tags placed on your browser. By themselves, cookies do not identify you personally, but they may link back to a database record about you. If you register on our site, we may link your cookie to your personal information.

Our website uses cookies to monitor usage, enable user registrations and employment inquiries, and create a personal record of your visits and viewed pages. You can delete cookies from your browser or adjust your web browser settings to disable cookies altogether.

Our website also uses session cookies during job search queries and when individuals access their profiles. Apart from these circumstances, our internet service provider does not employ cookies on our website. Website statistics are generated from server logs as outlined above.

When you close your browser, the session cookie set by our website is destroyed, and no personal information is maintained at OORDY that could identify you if you visit our website again later.

Web bugs
We may occasionally use third-party software to monitor our website usage and the success of electronic marketing campaigns. The data collected is not personally identifiable; only generic browser information may be gathered to help us improve website compatibility and email communications.

Cloud computing services
When we use cloud computing services, we take reasonable steps to ensure that:

Disclosure of your personal information to the cloud service provider is consistent with our obligations under the Australian Privacy Principles. This may include obtaining your consent or ensuring that the disclosure is for purposes within your reasonable expectations.

Disclosure complies with any other legal obligations.

Our cloud computing service provider’s terms of service acknowledge our obligations to protect the privacy of your personal information and ensure they do not take actions that would cause us to breach those obligations.

Uploading photographs
We do not upload photographs of any individuals without their consent.

Emails
Our technology systems log emails received and sent. When we receive your email address because you sent us a message, it will only be used or disclosed for the purpose you provided it. It will not be added to a mailing list or used for any other purpose without your consent, except as permitted or required by law.

Call and message logs
When we receive your phone number because you called us or sent us a message, it will only be used or disclosed for the purpose you provided it. It will not be added to a phone list or used for any other purpose without your consent, except as permitted or required by law.

Database
We use software and databases to log and record OORDY’s operations.

Paperless office
Recognizing the environmental benefits and efficiencies, we operate a partially paperless office. Consequently, your paper-based communications with us may be digitized and retained in digital format. The original paper documents may then be confidentially retained, archived, or destroyed as necessary. Therefore, except where specifically requested, please do not send us originals of any paper-based documents. We only require originals or copies of paper-based documents when explicitly requested.

How Your Personal Information is Held

Personal information is retained in our information record system until it is no longer needed for any purpose for which it may be used or disclosed. At that time, it will be de-identified or destroyed, provided that it is lawful to do so.

We implement a range of measures to protect your personal information from:

Misuse, interference, and loss

Unauthorized access, modification, or disclosure

Our Information Record System
Information is primarily stored on OORDY servers located in several data centers across Australia and other secure data centers worldwide. Data and communications stored in the cloud are encrypted using 128-bit encryption keys and password protected. Additionally, a two-layer authentication process is utilized wherever possible.

Information Security
We protect information through various steps and strategies in the following areas:

Governance
ICT security
Data breach
OAIC’s Data breach notification guide www.oaic.gov.au will be followed
Physical security
Personnel security and training
Workplace policies
Risk assessments, policies and procedures in place for the information life cycle
Australian and industry/sector standards
Monitoring and review

Disclosures

We may disclose your personal information for the primary purposes for which it is held or for a lawful related purpose. Additionally, we may disclose your personal information when we are legally obligated to do so, including circumstances where we have a legal duty of care to disclose information.

Related purpose disclosures
We outsource various services to contracted service providers (CSPs). These CSPs may have access to some of your personal information. Typically, our CSPs include:

Software solution providers

IT contractors and database designers

Internet service suppliers

Legal and other professional advisors

Licensing and screening agents

Marketing agencies

We take reasonable steps to ensure that our contracts with CSPs acknowledge our obligations to protect your personal information and require them to comply with these obligations.

Cross-Border Disclosures

Some of your personal information may be disclosed to our related bodies corporate, clients, and third-party service providers and suppliers (including technology service providers). These providers may be based overseas or use overseas infrastructure to perform services for us. The entities may be located in countries such as Australia, Europe, Hong Kong,
India, Japan, New Zealand, Singapore, the United States, and the United Kingdom.

While we strive to keep this list accurate, technology changes rapidly, and so does the location of data storage. If you have any concerns about where your information is being stored, please contact us to check for any updates to this list since publication.

Access and Correction

Subject to certain exception s outlined in privacy law, you have the right to access your personal information that we hold. One key exception is if granting access would impact the privacy rights of other individuals. We may also refuse access if it would breach confidentiality.

Access policy
If you wish to access your personal information, please contact us and be prepared to verify your identity. We typically respond to access requests within 30 calendar days.

We may refuse a request in accordance with APP 12 if the requested information is not readily retrievable, does not exist, or cannot be found. If we refuse access, we will inform you of our decision. You have the right to complain about our handling of your personal information if you believe we have interfered with your privacy. For more details, please refer to
the complaints section below.

Correction policy
If you discover that the personal information we hold about you is inaccurate, outdated, incomplete, irrelevant, or misleading, you can request a correction by contacting us. We will take reasonable steps to correct that information to ensure that, considering the purpose for which it is held, the information is accurate, up to date, complete, relevant, and not misleading.

Here is a detailed guide on how to request a correction and what to expect during the process:

Contact Us: Begin by reaching out to us through our designated contact channels, such as email or phone. Clearly state that you are requesting a correction of your personal information. Provide specific details about the inaccuracies and, if possible, include any supporting documentation that highlights the errors.

Example: “I am writing to request a correction to my personal information. My address listed on your records is outdated. The correct address is [provide the updated address]. I have attached a copy of my recent utility bill as proof.”

Verification: Once we receive your request, we will verify your identity and the authenticity of your request to ensure that the corrections are legitimate and authorized. This step is crucial to protect your privacy and prevent unauthorized changes.

Evaluation and Correction: We will evaluate the information provided and determine the necessary steps to correct it. This might involve updating our internal databases, contacting third parties, or making changes to relevant documents.

a. Rationale: Ensuring the information is correct and relevant is vital for accurate record-keeping and for any interactions or decisions based on this data.

Verification to Third Parties: If the inaccurate information has been disclosed to third parties, you can request that we notify them of the correction. We will take reasonable steps to inform these third parties unless it is impracticable or unlawful to do so.

a. Example: If we shared your outdated address with a service provider, we will notify them of the updated address to prevent any future errors in communication or service delivery.

Processing Time: Processing your correction request may take some time, especially if we need to contact third parties. Typically, we aim to correct your personal information within 30 calendar days. This timeframe allows us to thoroughly verify and update the information across all relevant platforms and records.
Outcome and Documentation: After making the necessary corrections, we will inform you of the outcome. If, for any reason, we refuse to correct your information, you have the right to provide a statement specifying your disagreement with our decision. We will attach this statement to your record, ensuring that your perspective is documented.

a. Example: “We have updated your address as requested. If there are any further corrections needed, please let us know. If you disagree with any part of this decision, you may submit a statement for us to attach to your record.”

Complaints: If you believe that we have mishandled your personal information or interfered with your privacy, you have the right to file a complaint. Refer to the complaints section below for detailed instructions on how to proceed.

a. Example: “If you have any concerns about how we have handled your personal information, please contact us directly. We take all complaints seriously and will work to resolve any issues promptly.”

By following these steps, we aim to maintain the accuracy and integrity of your personal information, ensuring it is used appropriately and securely.

Complaints

You have the right to complain about our handling of your personal information if you believe we have interfered with your privacy.

To make a complaint, please first contact us in writing via email. You can also lodge complaints with the Office of the Australian Information Commissioner.

When we receive your complaint:

We will take steps to confirm the authenticity of the complaint and verify the contact details provided to ensure we are responding to you or an authorized person.

Upon confirmation, we will acknowledge receipt of your complaint in writing and confirm that we are handling it in accordance with our policy.

We may ask for clarification on certain aspects of the complaint and request further details.

We will consider the complaint and may make inquiries to establish what happened and why.

We will require a reasonable time (usually 30 days) to respond.

If the complaint can be resolved through access and correction procedures, we will suggest these as possible solutions.

If we believe the complaint may be resolved by another method, we will suggest that solution to you confidentially and without prejudice.

If the complaint cannot be resolved by the means we propose, we will suggest that you take your complaint to any recognized external dispute resolution scheme to which we belong or to the Office of the Australian Information Commissioner.

Contact us

If you wish to contact us about your personal information you should contact our Privacy Officer

Phone:
1800, 8:00am to 5:00pm Australian Eastern Standard Time, Monday to Friday
Email:
info@oordy.com, 8:00am to 5:00pm Australian Eastern Standard Time, Monday to Friday
Post:
The Privacy Officer, OORDY, 3/10 Aminya st, Mansfield, Brisbane 4122

2. Privacy Statement

Application of this privacy statement

This privacy statement applies solely to OORDY’s website and Driver and Rider Apps. It aligns with OORDY’s Privacy Policy and covers all OORDY activities.

Links to external websites are not part of OORDY, and this Privacy Statement does not apply to those sites.

OORDY’s Privacy Policy is also available from the Privacy Officer.

Information Privacy Act 2009 (Qld): Personal information

In this privacy statement the term ‘personal information’ has the meaning provided in chapter 1, of Part 2 under Section 12 of the Information Privacy Act 2009 (Qld). “Personal information is information or an opinion, including information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.” Detailed information about the Act is available at the Department of Justice and Attorney-General

Collection of personal information

The OORDY website is intended to be used anonymously. However, certain functions may require the collection of personal information, and you will be informed if OORDY is collecting this information from you.

There are two exceptions to this:

1. When someone else provides OORDY with your personal information. OORDY cannot prevent this. However, you have the right to access and correct any personal information about you collected by OORDY.

2. When OORDY collects website visitation statistics using a web analytics service. These statistics may qualify as personal information under the Information Privacy Act 2009 (Qld), but they are not used to identify individual web users.

How we collect information

In accordance with our Privacy Policy, the department commits to treating any personal information you provide as confidential and using it solely for the indicated purposes. These purposes include, but are not limited to, the following services:

Electronic direct mail (EDM) & newsletter subscription

OORDY uses third-party suppliers to provide online communication services for some email campaigns and newsletter services. When you subscribe to newsletters, you provide personal information to the department, which will not be disclosed for any other purpose without your consent.

You can unsubscribe at any time, and your email address will be moved to an ‘unsubscribed contacts’ email database. To do this, click on the unsubscribe link within each email or newsletter.

Social media
If you choose to engage with OORDY via social network channels such as LinkedIn, Twitter, YouTube, Instagram, or Facebook, please be aware of the following:

OORDY only collects information that you voluntarily provide through polls, responses, posts, comments, direct messages, and tweets.

Your social media profile contact details may be used to contact you for feedback or to engage in conversation. All contact will be made through the channels you choose to participate in.

Any information you post on social media sites is potentially accessible to anyone else engaging with the same social media.

Managing your individual privacy settings for profiles and accounts on social media networks is your responsibility. OORDY has no control over these settings.

Each social network has built-in privacy settings. We strongly recommend regularly checking and configuring the privacy settings for your profiles and accounts to ensure you know what information you are sharing and with whom.

When you join our social networks or participate in any way, some of your personal information may become visible to others. For example, if you ‘Like’ an OORDY post, tweet, comment, or update; share a link; follow on Twitter; tweet a mention or retweet a message; or join a Facebook Group, your activity may be visible to others within these networks.

Social media accounts managed by the department include, but may not be limited to:

Use and disclosure of personal information

If you provide personal information, its use and disclosure will be regulated by OORDY’s Privacy Policy. If OORDY’s intended use or disclosure of personal information differs from the general policy, a specific privacy statement will be provided at the time of collection.

Personal information collected by OORDY will be used by and disclosed to departmental employees or contractors whose duties require access to it. These employees and contractors are obligated to protect and handle your personal information in accordance with the Information Privacy Act 2009 (Qld) and any other relevant legislation governing the collection, use, disclosure, storage, and destruction of personal information.

Access to and correction of personal information

You have the right to request access to any personal information that OORDY may have collected about you. Additionally, if you find that your personal information is inaccurate, incomplete, or outdated, you may request a correction.

Internet user risks

OORDY does not guarantee that the functions on this site will be uninterrupted or error-free. Additionally, OORDY is not responsible for the transmission of computer worms, viruses, or other harmful components from this site or third-party sites. OORDY recommends ensuring your browser has up-to-date virus protection software.

Website usage measurement

The OORDY website uses Google Analytics, a web analytics service provided by Google, Inc. (Google). Google Analytics uses cookies, which are text files placed on your computer, to help analyze how users interact with the site. The information generated by the cookie about your use of the website (including your IP address) is transmitted to and stored by Google on servers in the United States. Google uses this information to evaluate your website use, compile reports on website activity for operators, and provide other services related to website activity and internet usage. Google may also transfer this information to third parties when required by law or when these parties process information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You can refuse the use of cookies by selecting the appropriate settings in your browser; however, doing so may limit your ability to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes described above. For more information, please visit the Google Privacy Center.

Email addresses

Email addresses will only be used to respond to specific user queries and will not be stored or used for any other purpose. They will not be added to a mailing list without your consent, nor disclosed to any other party without your knowledge and approval.

Cookies

This website uses cookies to enhance your browsing experience. A cookie is a small data file that the web server places on your mobile device or hard drive. It cannot access any other data on your device or hard drive, transmit viruses, or capture your email address. The cookie will remain on your computer for future visits to this website. The department does not use cookies to record any personal information, collect names, or track commercial transactions, nor are cookies used for direct marketing purposes. You can
configure your browser to notify you when a cookie is received, allowing you to accept or reject it. Additionally, you can turn off all cookies in your browser settings or delete existing cookies if desired.

1800 667 344

Privacy