Privacy Policy

Updated 15 December 2023

Purpose

This Privacy Policy's purpose is to describe how Plato collects, uses, manages, and shares your personal data.

This document has been constructed in line with the principles set out in the NZ Privacy Act (2020).

Introduction & Scope

Plato Payments takes your privacy very seriously.

We treat any data that relates to an identified or identifiable individual or that is linked or linkable to them by Plato as “personal data”.

This means that data that directly identifies you — such as your name — is personal data, and data that does not directly identify you, but that can reasonably be used to identify you, is personal data.

Aggregated data is considered non-personal data for the purposes of this Privacy Policy.

Individuals always retain ownership of their personal data.

This Privacy policy covers how Plato Payments Ltd (NZ Company number 8385590) (collectively “Plato” and “us, our and we”) handles personal data whether you interact with us on our websites, our applications, or in person (including by phone or by email).

Plato’s Privacy Policy does not apply to how third parties define personal data or how they use it.

Your use of any part of our Services in any manner will constitute your consent to the collection, transfer, processing, storage, disclosure, and other uses of your personal data in accordance with this Privacy Policy. If you do not agree with the terms and conditions of this Privacy Policy, please do not use our Platforms and/or Services.

This Privacy Policy will be reviewed at least Annually to ensure it remains in-line with best practice.

We may amend the content of this Privacy Policy at any time by amending our Policy document & posting a revised version on our website.

Personal Data Plato collects from You

When you use the Services, we may collect a variety of information including:

• Account Information. Your login identifier, email address, devices authenticated, and account status.
• Device Information. Data about the devices which you use to access the services, such as browser type, IP address and inferred approximate geolocation (such as city).
• Contact Information. Data such as your name, email address, physical address, phone number, or any other contact information.
• Payment Information. Data about your billing address, method of payment, bank details, credit, debit or other payment card information, used for paying us.
• Transaction Information. Data about purchases of our products and services, and identity of customers (as applicable).
• Fraud Prevention Information. Data used to help identify and prevent fraud, including a device trust score.
• Usage Data. Data about your activity on and use of our Services, such as app launches, including browser history, search history, product interaction, crash data, performance and other diagnostic data, and other usage data.
• Business Information. Data about the business entity that you register as an organisation on Plato to send invoices and progress claims from, including the business entity name, business name as displayed in the application, address, phone number, logo, GST registration status, and GST registration number.
• Third Party Business Information: Data relating to your customers, such as business name, email address, billing address, GST registration number and GST registration status.
• Financial Data. Documents such as progress claims, invoices, schedules, and timesheets, that you create or send using our services. This includes the descriptions of line items, quantities, prices, percentage of completions, totals, and includes data attached to such documents including photos, PDFs, or any other files uploaded, and the business information they are associated with.
• Other Information You Provide To Us. Details such as the content of your communications with Plato, including interactions with customer support and contacts through social media channels.
• Plato collects this information in various ways, including but not limited to when:
• you access, use, provide feedback or otherwise interact with our services, including support messages and use of third-party websites integrated with our Services;
• you communicate with our representatives or Plato staff members during the course of providing you with the Services;
• you send information in emails or correspond with Plato during the provision of the Services;
• we indirectly obtain information from you, such as information about the hardware and software you use when accessing the Services, your IP address, the pages you access on the Platforms, and other websites that you visit prior to accessing the Platforms; and
• We use cookies to track your use of the Platforms.
• You are not required to provide the personal data that we have requested. However, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to requests you may have.

Personal Data Plato Receives from Other Sources

• Individuals. Plato may collect data about you from other individuals – for example, if that individual has sent you a progress claim, or shared content with you.
• At Your Direction. You may direct other individuals or third parties to share data with Plato. For example, you may direct your suppliers to submit progress claims to you using our services.
• Plato Partners. We may also validate the information you provide, for example when registering for a new organisation, with a third party for security and fraud-prevention purposes.

For research and development purposes, we may use datasets such as those that contain images, voices, or other data that could be associated with an identifiable person. When acquiring such datasets, we do so in accordance with applicable law, including law in the jurisdiction in which the dataset is hosted. When using such datasets for research and development, we do not attempt to reidentify individuals who may appear therein.

Plato's Use of Personal Data

We use your personal data to power our services, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law. We may also use personal data for other purposes with your consent.

Depending on the circumstance, we may rely on our consent or the fact that the processing is necessary to fulfil a contract with you, protect your vital interests or those of other persons, or to comply with law. We may also process your personal data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights, and expectations.

• Power Our Services: We collect personal data necessary to power our services, which may include personal data collected to improve our offerings, for internal purposes such as auditing or data analysis, or for troubleshooting.
• Process your transactions: To process your transactions, we must collect data such as your name, purchase and payment information.
• Communicate with You: To respond to communications, reach out to you about your transactions or account, market our products and services, provide other relevant information, or request information or feedback. From time to time, we may use your personal data to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with Plato, you may not opt out of receiving these important notices.
• Security and Fraud Prevention: To protect individuals, employees, and Plato and for loss prevention and to prevent fraud, including to protect individuals, employees, and Plato for the benefit of all our users, and pre-screening or scanning uploaded content for potentially illegal content, including child sexual exploitation material.
• Personal Data Used for Personalization: If you choose to personalize your services or communications where such options are available, Plato will use information that we collect so that we can offer you those personalized services or communications. You can learn more about how relevant services use information to personalize your experience by reviewing the privacy information presented when you first use a service that asks to use your personal data.
• Comply with Law: To comply with applicable law — for example, to satisfy tax or reporting obligations, or to comply with a lawful governmental request.
• to provide Services to you and undertake associated business processes and functions;
• to verify your identity and comply with legal obligations under the relevant AML/CFT Laws for your region;
• to collect payment for your use of the Services provided;
• to troubleshoot problems with the Platforms and the Services provided;
• to detect and prevent fraud and other illegal use of the Platforms and the Services provided;
• to send you marketing notices, service updates, and promotional offers;
• for administration, planning, and account management;
• to develop, monitor, and improve Services; and
• any other purpose disclosed to you at the time of information collection.

Plato retains personal data only for so long as necessary to fulfil the purposes for which it was collected, including as described in this Privacy Policy or in our service-specific privacy notices, or as required by law. We will retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Policy and our service-specific privacy summaries. When assessing retention periods, we first carefully examine whether it is necessary to retain the personal data collected and, if retention is required, work to retain the personal data for the shortest possible period permissible under law.

Where we anonymise your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, we may use this information indefinitely without further notice to you.

Plato's Sharing of Personal Data

Plato may share personal data with service providers who act on our behalf, our partners, developers, and publishers, or others at your direction. Plato does not share personal data with third parties for their own marketing purposes.

Nevertheless, we may share Personal Information about you as follows:

• Service Providers: Plato may engage third parties to act as our service providers and perform certain tasks on our behalf such as processing or storing data, including personal data, in connection with your use of our services and delivering products to customers. This includes transaction processing, running analytics, fraud prevention and professional advisors such as solicitors, briefing business advisors and consultants. It also includes entities we partner with to offer additional products and services, but only when you elect to receive information about those additional products and services.
• Others: Plato may share your personal data with others at your direction or with your consent, such as when you use Plato to send a progress claim to one of your customers. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. We may also disclose information about you where there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions or to protect our operations or users, or in the event of a reorganization, merger, or sale.

Your Privacy Rights

A Plato customer may restrict the sharing of their Personal Information as follows:

1. if, after giving Plato your permission to share your Personal Information with third parties, with whom we deem it necessary to provide our jointly offered services, you later decide that you no longer want us to share such information, you can email support@platopayments.com; and
2. it should be noted that a request to restrict or modify the use of your information may result in you no longer being able to use our Services.

There are no charges for requesting access to or the correction of your Personal Information, however, if the volume of information we hold is excessively large, we reserve our rights to charge you any reasonable administration fees (including fees for photocopying) associated with your request.

You may be entitled to request your personal data held by Plato at any given time, provided it follows the AU Privacy Act or NZ Privacy Act. To do so, contact Plato directly at support@platopayments.com. Where you are entitled to that information, Plato will ensure it is provided in the manner you requested it within a reasonable time of such request.

There may be circumstances which mean that information cannot be released to you.

For example, these circumstances may include:

• the information may impact the privacy of another individual;
• the information is commercially sensitive evaluative information;
• the information is subject to solicitor-client or litigation privilege;
• Plato is prohibited by law from providing you with access; and the disclosure could be expected to threaten the safety, physical or mental health or life of an individual.

If Plato decides that it cannot provide you with certain information, it will outline the reasons for its decision in writing and the mechanisms available to complain about the refusal.

In order to protect the confidentiality of your Personal Information, details of your information will only ever be passed on to you where we are satisfied that the information relates to you.

Accordingly, we may request documentation from you which confirms your identity before passing on any Personal Information which relates to you.

Protection of Personal Data

Plato takes reasonable steps to maintain the security of your personal data. While we have a range of safeguards to protect this information and use technical safeguards to protect your personal data, including use of encryption, we make no representations or warranties regarding third parties’ privacy practices, or to the nature of data transmitted using the internet.

We can store your information physically or electronically ourselves, or with others contracted to hold the information for us in New Zealand, Australia or overseas. We will act reasonably to ensure that your information is protected from unauthorised use or disclosure.

Cookies

To improve your experience on our services, and to authenticate your access to our services, we may use ‘cookies’, being small data files that are served by our websites and stored on your device. These are used by us or third parties for a variety of purposes including to operate and personalise the services. Cookies may be used for recording preferences, conducting internal analytics, conducting research to improve our offering, assisting with marketing, and delivering certain functionality. You may refuse to accept cookies by selecting the appropriate setting on your internet browser.

However, please note that if you do this, you may not be able to use the full functionality of our Platforms.

Third Party Websites

Our websites contain links to other websites. Plato maintains it is not responsible for the privacy practices or the content of other websites. Please ensure you familiarise yourself with the privacy practices of these other sites prior to submitting your personal data to them.

Complaints and Disputes

For any question, dispute, or complaint in relation to Plato Privacy Policy, please email support@platopayments.com.