1. Ascender Group and our commitment to our customers

The Ascender Group is comprised of Pacific Payroll Partners Pty Ltd ACN 604 932 658, an Australian corporation, Pacific Payroll Partners Singapore Pte Ltd Co No. 201511331H, a company incorporated in Singapore, and each of their subsidiaries (all Ascender Group Companies).

The Ascender Group is a global provider of human capital management solutions. Ascender assists leading global and national businesses and operates globally from our head offices in Sydney, Australia and Singapore. Information related to our services can be found at www.ascenderhcm.com. The Ascender Group’s solutions require us to collect, store, use or otherwise process personal and sensitive information of our customers. Our business depends on the Ascender Group maintaining trust, through the demonstrably effective and reliable adherence to data protection laws, protection of personal data and of information security.

The Ascender Group believes that the confidentiality of personal and sensitive information is one of its fundamental responsibilities. We are committed to compliance with all applicable country-specific data privacy laws, including but not limited to, the EU General Data Protection Regulation (GDPR) and the Australian Privacy Act and APPs. Protecting the privacy and security of your Personal Data is of the highest importance to us. This Privacy Policy and Confidentiality Commitment describes the policies and practices adopted by each Ascender Group Company to ensure the protection of your personal data and to respect your fundamental right to privacy.

2.Who does this Privacy Policy apply to?

This Privacy Policy and Confidentiality Commitment (Privacy Policy) governs the operations of each Ascender Group Company and each of their sub-contractors. Ascender undertakes to ensure that the collection, use, handling, transfer, processing and disclosure of personal information by an Ascender Group Company that provides services to a customer, are conducted in compliance with the applicable Privacy Laws. This is intended to ensure that the sharing and disclosure of personal information and customer confidential information between an Ascender Group Company (that provides services to a customer) on the one hand, and another Ascender Group Company and sub-contractors that assist in provision of those services on the other hand, does not lessen the level of protection, or redress, available to a customer, regardless of the country in which processing or handling of that information occurs. We use best endeavours to apply uniform standards of privacy protection across each Ascender Group Company, and each sub-contractor that assists an Ascender Group Company to provide services to a customer. By adopting standards based on best practice data privacy laws, we comply with Privacy Laws in the country where the Ascender Group Company collects or stores personal information from a customer.

3. Updates to this Privacy Policy

We may modify or amend provisions of this Privacy Policy from time to time. We will display a notice on our website indicating when any change has been made. This Privacy Policy was last updated on 13 August 2019.

4. What is the purpose of this Ascender Privacy Policy?

The purpose of this Privacy Policy is to describe:

What personal information we collect and how we collect it; How we use personal information; Who we share or disclose personal information with or to; Measures we take to protect the security of the personal information we handle; Our privacy practices and how we comply with Privacy Laws; Our commitment to taking all reasonable measures to protect an individual’s privacy; and how to contact us about our privacy practices.

5. Confidentiality Commitment

Due to the nature of the services we provide, we collect and process personal data as defined by applicable Privacy Laws. We understand that each of our customers who entrust us with information about their employees, or other individuals, expects us to protect that information, lawfully, reliably, consistently, and in accordance with applicable Privacy Laws. We, therefore, commit to each customer that we will not disclose any personal information of their employees, or of other individuals who have been entrusted to us by a customer, to any person or entity (other than to an Ascender Group Company or any sub-contractor that assists an Ascender Group Company to provide services to a customer), except where: (i) it is reasonably required in the course of providing services to that customer, and the express consent of that customer has been obtained; (ii) required by applicable law; or (iii) required at the direction of a regulator.

6. How do we collect personal information?

6.1. Information received by us

In the provision of our services, we either collect personal information directly from a customer, an employee of a customer, an agent of a customer, or from a third party. For example, we may receive personal information about an individual from the individual’s employer where that employer, or a related entity to that employer, has contracted an Ascender Group Company to provide services. We rely on each customer to provide the necessary notices to each individual, and to obtain their consent, as required by applicable Privacy Laws, to enable that customer to provide personal information to us to enable us to provide services in accordance with terms applicable to that service and this Privacy Policy. We enter into Model Contractual Clauses/Data Privacy Processing Agreements with each customer that addresses relevant cross border transfers, sharing or disclosure of personal information and customer confidential information between an Ascender Group Company (that provides services to a customer) and each Ascender Group Company and sub-contractor that assist in provision of these services to that customer, and each parties obligations in accordance with applicable Privacy Laws. We may require a customer to assist us in taking all reasonable steps to verify that the customer is permitted to use and disclose personal information they provide to us.

6.2. Information collected by us

In some circumstances, such as for employment, recruitment, business, operational and administration purposes, or for business to business marketing purposes, we collect personal information about an individual directly from that individual (for example in person, over the telephone, by email, when you set up an account with us or complete one of our online or hard copy forms). Where we collect and use personal information about any identifiable individual from a publicly available source, we assess whether the collection and use are made in a manner that is both reasonably contemplated and permitted by the provider of that publicly available source. Where possible, we will confirm that the provider of the publicly available information has the consent of each individual to publish such information. If we are unable to obtain confirmation, we will contact you and seek consent directly from you to continue contacting you regarding such personal information. We may also automatically collect certain information when you visit our website, some of which may personally identify you. Such information includes the type of browser you are using, the type of operating system you are using, your IP address and how you use our website. You will be given the opportunity to opt-in the first time you visit our website and will be able to opt-out at any time thereafter.

7. What kind of personal information do we collect, receive and use, and why?

We do not collect personal information unless the information is reasonably necessary for one or more of our functions and activities or is required to meet a contractual commitment or legal obligation. The types of personal information collected, received and used by us will depend on the functions and activities that are relevant to the specific services we offer. For example, where we receive or collect personal information for the purposes of providing payroll services to a customer, the personal information will be decided on and provided by a customer and used strictly for the purposes relevant to such services. The personal information may include a person’s name, gender, date of birth, national ID numbers, nationality, an individual’s employment details, Tax File Number, superannuation account details, bank account details and other ancillary information that is required to fulfil contractual, legislative, filing and reporting obligations (including the payment of salary and wages). Where we are collecting information for the purposes of maintaining contact with our customers, to keep our customers and prospective customers informed of our services, to keep our customers and prospective customers updated on industry developments that may be of interest to them, we may collect an individual’s names, job title and their contact details. Where we are collecting information for recruitment, employment, business, operational and administration purposes, the information we collect may include, if allowed under applicable data protection laws, an individual’s photo, name, birth date, address, e-mail, addresses, contact details, tax file number, and financial information (such as bank account details). In limited circumstances, and upon the customer’s obligation to obtain your consent, we may receive or collect limited amounts of sensitive information. For example, we may receive sensitive information, from our customers, for the purposes of providing payroll services to our customers. We only receive such sensitive information where absolutely necessary for the delivery of services to our customer. In the delivery of payroll services, we may be required to know if an individual is a member of a trade union and accordingly make certain deductions. We may also collect sensitive information from our own employees for the purposes of establishing and managing the employment relationship.

8. When do we disclose personal information?

We may share or disclose personal information and customer confidential information to an Ascender Group Company, that provides services to a customer and each Ascender Group Company, and sub-contractors, that assist in the provision of these services to that customer. Where personal information or customer confidential information is provided to any sub-contractor that is not an Ascender Group Company, our agreement with such sub-contractors will require that they sign our Data Processing Agreement (DPA). The DPA requires them to comply with all applicable Privacy Laws, keep personal information confidential, and only use or disclose personal information for the purposes of providing specific services to us. All disclosures of personal information are identified and agreed upon with customers at the time the contract is signed. Other permitted disclosures include: 1) in connection with the sale of some or all of the business or assets of an Ascender Group Company; 2) as authorised by applicable Privacy Laws, including where an individual has been informed that their personal information will be used or disclosed to third parties in a particular way; or 3) this disclosure is required by other national laws or in response to legal process or when we believe in good faith that the law requires it, for example, in response to a court order, subpoena or a law enforcement agency’s request. We will not use or disclose any personal information of an identifiable individual for a purpose other than as above described.

9. Do we send information overseas?

In order to fulfil our contractual obligations, we may disclose your information to an Ascender Group Company that is a payroll processing centre or a subcontractor located outside the country in which an Ascender Group Company or our subcontractor provides service to a customer (such as in the Philippines, Malaysia and New Zealand). We may also be required by a customer to disclose personal information about an individual to an overseas recipient, such as a related body of that customer, for the purposes of delivering our services. We will only do so with the approval of our customer. In both cases, we will ensure that such information is only transferred in accordance with the applicable Privacy Laws, and only once we have taken reasonable steps to ensure that the overseas recipient complies with applicable Privacy Laws and this Privacy Policy.

10. Anonymity and pseudonymity

Individuals have the option to identify themselves or use a pseudonym when dealing with us, except where we are required or authorised by or under law, or court/tribunal order, to deal with an individual who has identified himself/herself; or it is impractical for us to deal with an individual who has not identified themselves or who has used a pseudonym (for example, in a job application).

11. Direct marketing

We will comply with laws relating to direct selling, distance selling and direct marketing, telemarketing, and spam, in relation to any activity by an Ascender Group Company that is regulated in relation to that activity, including 1) obtaining the explicit and freely given consent of the individual where required by applicable privacy laws; 2) allowing an individual to opt-out of receiving any further direct marketing from us; and 3) in each written communication from us, setting out our business address, telephone number and, if the communication with that individual is made by fax, telex or other electronic means, a number or address at which we can be directly contacted electronically.

If you decide you do not want to receive marketing communications from Ascender (a Ceridian company), you can opt-out by clicking on the “unsubscribe” link provided at the bottom of every marketing email or by visiting our Preference Center.

12. Cookies

A cookie is a small file containing information specific to a user, passed through an internet protocol such as a web browser and stored on a device. We use cookies and other technology to track access to, and use of, our website. The information gathered is not personally identifiable and is used to improve our website. Many browsers and internet access devices are set by default to accept cookies. However, if you do not wish to receive any cookies you may set your browser or configure your internet access device to either prompt you whether you wish to accept cookies on a particular site, or by default reject cookies. Please note that rejecting cookies may mean that some or all of the features and functionality of particular websites or internet services will not be available to you. Where required under applicable privacy laws, we will obtain explicit consent to place cookies on your browser or device.

13. Clear Gifs (Web Beacons, Web Bugs)

We employ a software technology called clear gifs (also known as Web beacons or Web bugs) along with similar technologies to help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies that are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs, which are about the size of a period, are embedded invisibly on Web pages. We do not tie the information gathered by clear gifs, e-tags, or java scripts to our customers’ Personal Data.

14. Quality of your personal information

Where we collect personal information from an individual directly, we take steps to ensure that the personal information we collect, use and disclose is accurate, up to date and complete. These steps include maintaining and updating any personal information when we are advised by an individual that their information has changed. Where we collect personal information about an individual from a third party, we rely on that third party to ensure that information it collects is accurate, up to date and complete. In either case, when notified by the individual that the personal information is incorrect, we will make the necessary changes and confirm that the inaccurate information has been corrected.

15. Access and correction of your personal information

An individual may request access to their personal information held by us. Subject to any permitted exception under the Privacy Laws, we shall give that individual access to that information. If an individual notifies us that the information we hold about them is not accurate, we will take reasonable steps to correct that information. To the extent that we have received any personal information indirectly (for example, from a business for whom we act as sub-contractor), we will notify that business that it has received a request from an individual to access or correct the personal information it has provided to us. If you require access to your personal information, please send your request in writing to The “Privacy Officer, Ascender, Level 3 Tower B, 197 Coward St, Mascot, NSW 2020, Australia. Before we provide you with access to your personal information, you will be required to complete our Subject Access Request (SAR) Form and provide proof of identity. Your information will be provided free of charge. If we are unable to provide you with access to the information, we will provide you with reasons why we cannot provide the information and inform you of any exceptions relied upon under the applicable Privacy Laws. We take reasonable steps to ensure that your personal information is accurate, complete, and up-to-date whenever we collect or use it. If the personal information we hold about you is inaccurate, incomplete, irrelevant or out-of-date, please contact us and we will take reasonable steps to either correct this information, or if necessary, discuss alternative action with you.

16. Retention of personal information

For the most part, we do not retain personal information after we have used the personal information for the purposes for which we collected or received it and there is no longer a contract in place. If we do retain such personal information, it will only be for the following purposes: 1) as required by or under the applicable Privacy Law, or a court/tribunal order; 2) as required for professional indemnity insurance; and 3) in accordance with our back-up archive policy provided such policy does not violate applicable Privacy Laws. When no longer required, we use our best endeavours to ensure that all such information will either been returned to the Customer or destroyed in a secure manner and in a reasonable time frame.

17. How we hold and secure your personal information

The security of your personal information is important to us. We take reasonable steps to prevent the personal information we hold about you from misuse, interference or loss, and from unauthorised access, modification or disclosure. This includes the use of technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of your personal information. In the unlikely event of a data breach, we will comply with any applicable notification requirements of the applicable Privacy Laws.

18. Links to other websites

Sometimes our website contains links to other websites. When you access a website other than our Website, we are not responsible for the privacy practices of that site. We recommend that you review the privacy policies of each website you visit.

19. How to contact us

If an individual would like to access or inquire about any personal information we hold about that individual; has a query in relation to this Privacy Policy, or would like to make a complaint about our handling of an individual’s personal information, please contact us using the details below.

The “Privacy Officer”

Address: Level 3 Tower B, 197 Coward St, Mascot, NSW 2020, Australia

Email: privacy@ceridian.com

Telephone: +61 2 9934 5604

If you wish to make a complaint about an alleged breach of the Privacy Laws, we ask that you send us your complaint in writing to the email address listed above. We will endeavour to respond to complaints within a five (5) business days. If you are not satisfied with our response, you may make a complaint to the relevant privacy regulator. For Australia, complaints may be made to the Office of the Australian Information Commissioner by phoning 1300 363 992 or by email at enquiries@oaic.gov.au. For other regional jurisdiction’s, contact the relevant Government Data Protection authority.