Privacy Policy
Last updated 2026-05-30
This Privacy Policy explains how Zinga Workforce ("we", "us") collects, uses, stores and discloses personal information in compliance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the EU General Data Protection Regulation (GDPR) where applicable.
1. Information we collect
- Identifiers and contact details — name, email, phone, date of birth.
- Employment data — start/end dates, employment type, classification, base rate.
- Payroll-sensitive data — Tax File Number, bank BSB + account, superannuation fund details. Encrypted at rest with AES-256-GCM.
- Emergency contact details supplied by the employee.
- Time and attendance — clock events, GPS coordinates if you use mobile or kiosk clock-in, optional photo capture.
- Recruitment data — for Talent Finder candidates, only what a recruiter manually enters or what an applicant submits via the public apply form with consent.
2. How we use it
Workforce management: rostering, time tracking, payroll calculation, leave administration, HR record-keeping. We never sell personal data and never share it with third parties for advertising. Aggregated, de-identified usage data may be used to improve the product.
3. Where data lives
All operational data is stored in Australian-hosted PostgreSQL databases. Encryption keys live in environment secrets separate from the database. Daily backups are encrypted at rest and retained for 30 days.
4. Your rights (APP 12 + GDPR Article 20)
Every authenticated user can download a complete JSON export of every record we hold about them at any time via GET /api/me/data-export. You also have the right to request correction or deletion of your data — contact your organisation's administrator, who can action it through the platform.
5. Recruiter consent (Talent Finder)
If you apply to a role through Zinga Workforce, your consent to be contacted is recorded verbatim on submission. You can withdraw consent at any time by contacting the recruiter; we will mark your record as withdrawn and stop further outreach.
6. Hard non-collection rules
We never scrape LinkedIn, Facebook, LINE, Indeed, Seek, Glassdoor or any other third-party platform for candidate data. Every Talent Finder record originates from recruiter manual entry, recruiter-pasted visible text, candidate-submitted forms, or approved official APIs.
7. Security incidents
In the event of an eligible data breach as defined by the Notifiable Data Breaches scheme, we will notify affected individuals and the OAIC as soon as practicable.
8. Contact
For privacy enquiries: privacy@aspiredigital.group