Privacy Policy

1. Introduction

BiziOps Pty Ltd ("we," "us," or "our") is committed to protecting the privacy of individuals who visit our website at biziops.ai, use our platform, or otherwise engage with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy forms part of our Services Agreement with enterprise customers and should be read in conjunction with that agreement where applicable.

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We may collect personal information that you voluntarily provide, including:

• Contact Information: Name, email address, phone number, business address
• Account Information: Username, password, and account preferences
• Business Information: Company name, industry, job title, ABN/ACN
• Communication Records: Enquiries, feedback, and correspondence with our team
• Payment Information: Billing details processed through secure third-party payment providers

2.2 Information Collected Through Our Platform (User Data and Raw Input Data)

When you or your organisation uses the BiziOps platform, we may collect User Data and Raw Input Data, including:

• Employee and Workforce Data: Names, roles, qualifications, training records, and rostering information
• Credential and Compliance Data: Working with Children Check (Blue Card) details, driver's licence information, certifications, and other regulatory credentials verified through authorised services including the Document Verification Service (DVS)
• Operational Data: Incident reports, audit records, safety documentation, and compliance activities
• User Inputs: Specific inputs provided by you or your users as necessary to deliver the Services
• Usage Data: Platform interactions, feature usage, and system logs

2.3 Information Collected Automatically

When you visit our website, we may automatically collect:

• Device Information: IP address, browser type, operating system, and device identifiers
• Usage Information: Pages visited, time spent on pages, referring URLs, and clickstream data
• Cookies and Similar Technologies: As described in Section 11 below

3. Sensitive Information

The Australian Privacy Principles classify certain categories of personal information as "sensitive information," which attracts additional protections. This includes health information, biometric data, and information about racial or ethnic origin.

In the course of providing our services, we may collect or process sensitive information including:

• Health and Safety Information: Contained in incident reports, injury records, and workplace safety documentation
• Credential Verification Data: Including photographs and identity document details used for verification purposes
• Background Check Information: Working with Children Check status and related screening outcomes

We only collect sensitive information where it is reasonably necessary for our functions, and where we have obtained your consent or are otherwise permitted or required by law to do so. We apply enhanced security measures to protect sensitive information.

4. Children's Data

BiziOps provides services to childcare centres and early learning providers. In this capacity, our platform may process information that relates to children, including:

• Incident and accident reports involving children in care
• Attendance and enrolment records
• Medical and allergy information relevant to duty of care
• Developmental observations and educational records

Our approach to children's data:

• We do not collect personal information directly from children
• Children's data is collected and controlled by our enterprise clients (childcare providers) who are responsible for obtaining appropriate consents from parents and guardians
• We process children's data solely as a data processor acting on behalf of our clients and in accordance with their instructions
• We apply the highest standards of security and access controls to any data relating to children
• Children's data is never used for marketing purposes or shared with third parties except as required to provide our services or comply with regulatory requirements
• We support our clients in meeting their obligations under the National Quality Framework and relevant child protection legislation

5. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our platform and services
• Process transactions and manage your account
• Verify credentials and compliance documentation through authorised verification services
• Process Raw Input Data through our AI Agent to generate outputs including analysis, predictions, recommendations, and reports
• Generate predictive analytics, risk assessments, and operational insights
• Communicate with you about your account, updates, and support requests
• Send marketing communications (where you have consented or as otherwise permitted by law)
• Ensure platform security and prevent fraud or misuse
• Comply with legal obligations and regulatory requirements
• Conduct research and analysis to enhance our services

6. Artificial Intelligence and Automated Processing

BiziOps uses artificial intelligence and machine learning technologies (our "AI Agent") to deliver our Outcome AI platform capabilities. This section explains how we use these technologies and the safeguards we have in place.

6.1 How We Use AI

Our AI Agent processes Raw Input Data to generate outputs, which may include:

• Predictive Risk Analytics: Analyse patterns in operational data to identify potential compliance risks, safety hazards, and operational issues before they occur
• Automated Compliance Monitoring: Continuously monitor credential expiry dates, training requirements, and regulatory obligations
• Intelligent Document Processing: Extract and categorise information from uploaded documents and forms
• Operational Insights: Generate recommendations for improving efficiency, safety outcomes, and compliance performance
• Training Content Delivery: Personalise learning pathways and generate training materials

6.2 Closed AI Infrastructure

We operate a closed AI infrastructure. This means:

• No learning from your data: Our AI Agent does not learn from or adapt based on your Raw Input Data or User Data
• Static operation: The AI Agent operates in a static manner and its behaviour does not change unless we manually update the prompts that guide its operation
• No training on your data: Your Raw Input Data is not used to train our AI Agent
• No retention in the model: The AI Agent will not retain or incorporate your Raw Input Data or outputs into our model

6.3 Anonymised and Aggregated Data

We may use Raw Input Data that has been anonymised, de-identified, and aggregated to improve outputs from our AI Agent. This data cannot be used to identify any individual.

6.4 Human Oversight

While our AI systems provide predictions, recommendations, and automated alerts:

• Critical decisions affecting individuals (such as employment eligibility based on credential verification) are subject to human review
• Our clients retain control over how AI-generated insights are actioned within their organisations
• Users can request human review of any automated output that affects them

6.5 AI Limitations

You acknowledge that outputs generated by our AI Agent:

• May be subject to limitations
• May not reflect real-world complexities
• May not accurately reflect real people, places, or facts
• May contain errors

You remain solely responsible for decisions or actions taken based on or influenced by any outputs from our AI Agent.

6.6 Third Party AI Tools

We may incorporate third party AI tools into our AI Agent. Where we do so:

• Such tools are subject to the relevant third party terms and conditions
• We hold necessary licences for any third party AI tools incorporated into our services
• Your Raw Input Data will be processed by third party AI tools but will not be shared with, stored by, or used to train third party AI providers
• We may modify, replace, update, or cease use of third party AI tools, and will notify you in advance of significant changes where legally permitted

7. How We Share Your Information

We do not sell your personal information. We may share your information with:

7.1 Service Providers

Third-party vendors who assist us in operating our platform, including cloud hosting providers, payment processors, analytics services, credential verification services, and third party AI tool providers (subject to Section 6.6).

7.2 Verification Authorities

Government agencies and authorised bodies for the purpose of verifying credentials, including the Document Verification Service (DVS) and state-based Working with Children Check authorities.

7.3 Your Organisation

If you access BiziOps through an enterprise account, your organisation's administrators may have access to your platform usage and related data.

7.4 Legal Requirements

When required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of BiziOps, our users, or others.

7.5 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

8. Our Role as Data Processor

BiziOps operates in two capacities depending on the context:

8.1 Data Controller

We act as the data controller for:

• Information collected directly through our website (enquiries, marketing sign-ups)
• Account and billing information for our platform
• Usage analytics and platform performance data

8.2 Data Processor

For enterprise clients, we primarily act as a data processor. This means:

• Our clients (employers, childcare providers, facility operators) remain the data controllers and are primarily responsible for the collection, use, and storage of User Data and Raw Input Data
• We process this data on behalf of and under the instructions of our clients
• Our clients are responsible for ensuring they have appropriate legal bases, consents, and authorisations to collect and share data with us, and for providing appropriate notifications to their staff, clients, or customers
• Our clients must ensure they do not cause us to breach any Privacy Laws through their use of the Services
• We enter into data processing agreements with enterprise clients that govern our handling of their data

If you have questions about how your employer or service provider uses BiziOps to process your information, please contact them directly.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Employee training on data protection practices consistent with industry best practice
• Data Security Capability and Security Controls compliant with ISO/IEC 27001:2022 or equivalent industry standard

We use commercially reasonable endeavours to ensure that Raw Input Data is not corrupted or deleted and that no errors are introduced to Raw Input Data.

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

Notifiable Data Breaches

In accordance with the Privacy Act 1988 (Cth), if we experience an eligible data breach that is likely to result in serious harm to any individuals whose information is involved, we will:

• Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
• Notify affected individuals, including recommendations about steps they should take in response
• Where we are acting as a data processor, notify our enterprise client so they can fulfil their own notification obligations

We maintain incident response procedures to ensure prompt identification, containment, and notification of data breaches.

10. Data Retention and Deletion

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. Retention periods vary based on the type of information and applicable obligations.

Data Export

At any time during your use of our Services, and for 30 days following the expiry or termination of your agreement with us, you may request in writing that we:

• Provide instructions to allow you to extract a copy of your Raw Input Data and/or User Data; or
• Extract and provide you with a copy of your Raw Input Data and/or User Data (fees may apply on a time and materials basis)

Data Deletion

Upon written request, we will within 21 days:

• Provide, or allow you to download, a copy of User Data in an industry standard format; or
• Permanently delete and destroy User Data, excluding any specific data we are required to retain under applicable laws

When personal information is no longer required, we will securely delete or de-identify it.

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience, analyse usage patterns, and deliver relevant content.

Types of Cookies We Use

• Essential Cookies: Required for basic website functionality
• Analytics Cookies: Help us understand how visitors interact with our website
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements (where applicable)

Managing Cookies

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

12. Licensing of Your Data

By using our Services, you grant us:

• A non-exclusive, non-transferable, royalty-free licence to access and use User Data and Raw Input Data during the term of your agreement for the sole purpose of providing the Services
• A non-exclusive, royalty-free, irrevocable, worldwide licence to use and retain a copy of an aggregated, anonymised form of User Data for our business purposes

This anonymised data cannot be used to identify any individual and helps us improve our Services for all customers.

13. Your Rights and Choices

Under the Australian Privacy Principles, you have the right to:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Complaints: Lodge a complaint if you believe we have breached the APPs

To exercise these rights, please contact us using the details in Section 16.

Marketing Communications

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us directly.

14. International Data Transfers

BiziOps may transfer personal information to recipients located outside Australia, including to cloud service providers, technology partners, and third party AI tool providers. Where we do so, we take reasonable steps to ensure that overseas recipients handle your information in accordance with the APPs.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date.

We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For complaints that are not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

This Privacy Policy applies to biziops.ai and related BiziOps services.