Privacy Policy

Effective Date: 27 April 2026  |  ShiftMatch Australia Pty Ltd (ABN pending)

1. Our Commitment — Australian Privacy Principles

We are bound by the 13 Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act 1988 (Cth). These principles govern how we handle personal information and give you rights in relation to your data.

2. What Personal Information We Collect

3. How We Use Your Information

• Platform Operation: Matching Workers with relevant Shifts based on skills, location, and certifications;
• Identity & Eligibility Verification: Verifying Worker identity and right to work, and Employer ABN validity;
• Payments: Processing shift payments, deducting commissions, and disbursing funds;
• Communications: Sending shift notifications, account alerts, and platform updates;
• Safety: Investigating disputes, fraud, and WHS incidents;
• Legal Compliance: Meeting obligations under Australian law including tax and employment law;
• Platform Improvement: Analysing usage patterns to improve features and user experience;
• Marketing: Sending relevant platform communications (you may opt out at any time).

4. Who We Share Your Information With

We do not sell your personal information to third parties. We share personal information only in the following circumstances:

• Didit.me — Identity verification processing for Workers;
• Stripe — Payment processing;
• Employers — Limited profile information (name, skills, certifications, ratings) when a Worker applies for a shift. Bank details, TFN, and identity documents are never shared;
• Legal/Regulatory: Where required by Australian law, court order, or regulatory authority (e.g., ATO, Fair Work Commission);
• Business Transfers: In the event of a merger or acquisition, with prior notice to users.

5. Data Retention

• Active accounts: Retained for as long as your account is active;
• Deleted accounts: Financial records retained for 7 years per ATO requirements under the Income Tax Assessment Act 1997 (Cth);
• Marketing data: Deleted promptly upon opt-out or account closure.

6. Data Security

• TLS/HTTPS encryption for all data in transit;
• Encryption at rest for sensitive data (bank details, identity documents);
• Access controls on a need-to-know basis;
• Incident response procedures in compliance with the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act).

In the event of a data breach likely to cause serious harm, we will notify affected individuals and the OAIC as required by law.

7. Your Rights

Under the APPs, you have the right to:

• Access: Request a copy of personal information we hold;
• Correction: Request correction of inaccurate or incomplete information;
• Deletion: Request deletion of your personal information (subject to legal retention requirements);
• Opt-Out: Opt out of direct marketing at any time;
• Complaint: Lodge a complaint about our handling of your data.

To exercise your rights: privacy@shiftmatch.work. We respond within 30 days. If unsatisfied, contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

8. Cookies & Tracking

• Essential Cookies: Required for the Platform to function (authentication, session management);
• Analytics Cookies: Help us understand how users interact with the Platform;
• Preference Cookies: Remember your settings and preferences.

You can control non-essential cookies through your browser settings. We do not use third-party advertising cookies.

9. Children's Privacy

ShiftMatch is strictly for users aged 18 and over. We do not knowingly collect personal information from individuals under 18.

10. Cross-Border Data Transfers

Where we use third-party service providers that may process data outside Australia (e.g., Didit.me, Stripe), we take reasonable steps to ensure they comply with privacy standards equivalent to the APPs.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be notified at least 14 days in advance. Current version at shiftmatch.work/privacy.html.