Legal pages
Global Acquirer
Local Acquirer
Oolio
Oolio Pay
Oolio Platform
Privacy Policy (AU/NZ) – Oolio Group
This Privacy Policy was last updated in June 2025.
1. General
1.1 Oolio is committed to ensuring your privacy is protected and complying with its obligations under the Australian Privacy Act 1988 (Cth), the New Zealand Privacy Act 2020, and other privacy laws that may apply in respect of collecting Personal Information.
1.2 When Oolio, in the course of carrying on business in Australia, takes any action in respect of personal information “Privacy Act” means the Australian Privacy Act 1988 (Cth) and “Personal information” has the meaning given to that term in that Privacy Act.
1.3 When Oolio, in the course of carrying on business in New Zealand, takes any action in respect of personal information “Privacy Act” means the New Zealand Privacy Act 2020 and “Personal information” has the meaning given to that term in that Privacy Act.
1.4 This Privacy Policy sets out how your Personal Information is collected, used, and disclosed by each of our entities, including:
(a) Oolio Pty Ltd ACN 657 508 426 (Oolio Pay and Oolio Apps);
(b) Bepoz Global Pty Ltd ACN 600 210 286 (Bepoz);
(c) IdealPOS Solutions Pty Ltd ACN 091 801 204 (Idealpos);
(d) Ordermate Pty Ltd ACN 151 480 170 (Ordermate);
(e) Deliverit Software Pty Ltd ACN 065 049 238 (Deliverit);
(f) SwiftPOS Pty Ltd ACN 079 142 662 (Swiftpos);
(g) Simple Golf Pty Ltd ACN 659 210 385 (Simplegolf); and
(h) Oolio NZ Limited (NZCN 8226239) (NZ Oolio).
(together, Oolio, we, us, our).
1.5 This Privacy Policy applies to the websites, apps, products and services offered by each of the entities mentioned above (collectively referred to as the Platforms).
1.6 This Privacy Policy is subject to change at our discretion, and we will update it from time to time. The current version will always be available on our website at https://oolio.com/. If we change this Privacy Policy in any material way, we will post a notice on our website along with the updated Privacy Policy. We encourage you to read this Privacy Policy each time you deal with us so that you are aware of any changes made to it. We may also contact you via your contact information we hold on file, for example, by email or some other equivalent measure.
1.7 In this Privacy Policy, we use the terms:
(a) ‘merchants’ to refer to our customers who engage us to provide services, and individuals at businesses who engage us to provide services;
(b) ‘end user’ to refer to end users of our services who are not merchants, including our merchants’ customers who engage with our services through our merchants;
(c) ‘suppliers’ to refer to individuals who provide us with goods or services, and individuals at businesses who provide us with goods or services;
(d) ’visitors’ to refer to individuals who engage with us on our websites, or who enquire about our functions or activities via electronic means; and
(e) ‘applicants’ to refer to individuals who apply for employment or other engagement with us.
In some circumstances, you may belong to more than one of these groups, and multiple sections of this Privacy Policy will then apply to you.
2. Information for end users
2.1 If you are an end user who uses our services, we collect, use, and disclose your Personal Information as a result of your relationship with that merchant. In such circumstances, we collect, use, and disclose your Personal Information on behalf of the merchant. The kinds of Personal Information we collect about you is in part determined by the merchant, and we use and disclose that information to provide our services to the merchant,and to carry out our business activities.
2.2 If you have any questions about the collection, use, and disclosure of your Personal Information by merchants, please direct those questions to the relevant merchant, as the collection, use, and disclosure of your Personal Information will also be subject to their policies and procedures. We are not responsible for the privacy or security practices of our merchants, which may be different from our privacy and security practices.
3. What is Personal Information, and what do we collect?
3.1 The kinds of Personal Information we collect about you depends on our relationship with you and we limit the information we collect to what is reasonably necessary for one or more of our functions or activities. Generally, we will collect your name, commentary or opinions about you, and other information relevant to providing you with the information, goods and services (as applicable) you are seeking or that someone is seeking on your behalf.
3.2 If you are a merchant, we generally collect:
(a) the names, phone numbers, email addresses and, in some cases, physical address of your personnel that we will be dealing with on your behalf;
(b) your bank details (for invoicing or direct debit) which may include contact information for the personnel who are authorising the payment on your behalf (including their name, phone number and email address);
(c) credit card information so we can complete an order (which may amount to Personal Information for merchants who use personal credit cards);
(d) information from you about your customers, who are end users (see paragraph 3.5 which sets outs what we collect); and
(e) your New Zealand Business Number (if you are based in New Zealand).
3.3 If you are a merchant using an Oolio Pay service, we are required by law to collect ‘know your customer’ (KYC) information from you. The KYC information we collect includes (as applicable):
(a) the names, email addresses, home addresses, date of birth and photo identification of your business owners, beneficiaries and shareholders; and
(b) the following information about your business, which may constitute Personal Information if you are a sole trader:
(i) your business address and other trading addresses;
(ii) credit information;
(iii) bank statements; and
(iv) trust deeds.
3.4 If you are an end user, we may collect information from you or about you from our merchants depending on which entity/entities you are dealing with. If you are an end user using:
(a) an Oolio Pay service, we may collect:
(i) tokenised card data, which allows you to store your payment preferences with our merchant for future transactions without storing your actual card data; and
(ii) information relating to your transactions made through Oolio Pay, including your name and email address.
(b) an Oolio Apps service, we may collect:
(i) information you provide to our merchants through our merchant’s loyalty programs, such as your name, number, email address, and (in some circumstances) date of birth;
(ii) information you provide to order aggregator/delivery apps our merchants use, such as your name, number, address and email address; and
(iii) information relating to your transactions, including your order history and order preferences.
(c) a bepoz service, we may collect:
(i) information you provide when you engage with merchants who use our membership and loyalty app or our self-ordering platform, such as your name, number, (if ordering delivery) address, email address, date of birth, food allergy information, and any other information requested by the merchant;
(ii) information relating to your transactions through our point-of-sale system, including your order history and order preferences; and
(iii) information relating to transactions through your gaming card, including your transaction history.
(d) an ideapos service, we may collect:
(i) information you provide to our merchants through our merchant’s loyalty programs, such as your name, number, address, email address and (in some circumstances) date of birth;
(ii) information you provide to delivery apps our merchants use, such as your name, number, address and email address; and
(iii) information you provide to our merchants when you purchase a gift voucher, such as your email address, the gift voucher recipient’s email address, and any message contained in that gift voucher.
(e) an ordermate service, we may collect:
(i) information you provide to our merchants through our merchant’s loyalty programs, such as your name, number, address, email address and (in some circumstances) date of birth;
(ii) tokenised card data, which allows you to store your payment preferences with our merchant for future transactions without storing your actual card data;
(iii) information you provide to delivery apps our merchants use, such as your name, number, address and email address; and
(iv) information relating to your transactions, including your order history and order preferences.
(f) a swift service, we may collect:
(i) information you provide to our merchants through our merchant’s loyalty programs or membership programs, such as your name, number, address, email address and (in some circumstances) date of birth; and
(ii) information relating to your transactions through your gaming card, including your transaction history.
(g) a simplegolf service, we may collect:
(i) information you provide to our merchants through our merchant’s loyalty programs or membership programs, such as your name, number, address, email address and (in some circumstances) date of birth; and
(ii) information relating to your transactions, including your order history and order preferences.
(h) a deliverit service, we may collect:
(i) information you provide to delivery apps our merchants use, such as your name, number, address and email address;
(ii) information relating to your transactions, including your order history and order preferences;
(iii) when you use our services through one of our merchants to make an order as a guest, your name, mobile number, email address and home address (if you elect for your order to be delivered); and
(iv) when you use our services through one of our merchants to make an account, your name, mobile number, email address, gender, date of birth, your order history and food preferences.
3.5 If you are a supplier, we will also collect your contact details, ABN (for sole traders and partnerships), business name, bank account details (for payment of your invoices), and information about your role.
3.6 If you are a visitor, we will also collect your email address, information about your use of our Platforms and the device you are using (including numbers that identify your device, IP address, geographic location of your IP address and device where that is relevant to the services and information we are providing, cookie information, and user preferences). You may choose to enable or disable information you share with us via the Platforms in your browser or device settings. Disabling the sharing of some information may affect your ability to use certain features of the Platforms, and your visitor experience generally. When we launch new features in our Platforms, we enable session recording to understand how visitors use the new features. During session recording we collect on-screen activity such as mouse clicks, navigation, and text input, and usage data such as your IP address, browser type, device type, and operating system. We do not collect passwords or payment information unless you have expressly provided this in a support session with us.
3.7 If you are an applicant, depending on your potential position with us, we will also generally collect your Personal Information contained within an application and CV/resume, employment history, Personal Information derived from a reference, Personal Information derived from an interview, Personal Information derived through testing (including psychometric or aptitude testing), licences and other certificates and qualifications, and information included in a passport, birth certificate, visa or other documentation demonstrating your right to work in Australia or New Zealand (as applicable).
3.8 We support your ability to make decisions about the Personal Information you provide to us, however if you choose not to provide us with the information requested, or it’s incomplete or inaccurate, we may not be able to provide you with the information, goods, and services you are seeking. If you are an applicant, refusal to provide Personal Information may mean we are unable to process your application.
4. How we collect your Personal Information
4.1 We will generally collect Personal Information directly from you when you interact with us, such as in person, by email, by phone, by enquiry or feedback form, or via our Platforms, social media channels, interviews (via any method), any of our standard forms (including application forms), contract negotiation, our employment and engagement application process, our surveys (where applicable), or any other means by which you provide us with your Personal Information.
4.2 We may also need to collect Personal Information about you from third parties from time to time where it is necessary for us to do so and it is unreasonable or impractical to collect directly from you, where you have consented to us doing so, or where we are otherwise required to or authorised to by law. Those third parties include:
(a) if you are an end user: from our merchants, including information they input into our Platforms, their loyalty programs, gift cards and vouchers and membership programs, or from other third parties who integrate into our systems and may provide us with information to enhance the delivery of services you use;
(b) if you are a merchant or supplier: publicly available records such as the Australian Securities Investment Commission and Australian Business Register. Where applicable, we may also collect information from credit assessment providers such as Equifax;
(c) if you are a visitor: technology service providers and our social media platforms; and
(d) if you are an applicant: referees when they provide references, academic institutions or training and certification providers, providers of licence and background-checking services, recruiters and other service providers who assist in the engagement process, and other publicly available sources such as social media platforms.
4.3 Except as otherwise permitted by law, we only collect Sensitive Information (as that term is defined in the Privacy Act) about you if you consent to the collection of the information and if it is reasonably necessary for the performance of our functions and activities. Consent may be implied by the circumstances existing at the time of collection. There may also be circumstances under which we may collect Sensitive Information without your consent, as required or authorised by law.
4.4 If you provide us with Personal Information about someone else, you must ensure that you are authorised to disclose that information to us and that (without us taking any further steps required by the Privacy Act, APPs or other applicable privacy laws) we may collect, store, use and disclose such information for the purposes described in this Privacy Policy. Where we request you to do so, you must assist us with any requests by the individual to access or update the Personal Information you have collected from them and provided to us.
5. Why do we collect, hold, use and disclose your Personal Information?
5.1 We will generally collect, hold, use, and disclose your Personal Information if it is reasonably necessary for or directly related to the performance of our functions and activities and:
(a) to facilitate our internal business operations, including:
(i) establishing our relationship with you;
(ii) maintaining and managing our relationship with you, and communicating with you in the ordinary course of that relationship;
(iii) supplying you with information, goods and services;
(iv) updating your Personal Information;
(v) analysing our goods and services, and merchant or end user needs with a view to developing new or improved goods, services, and business operations;
(vi) conducting market research and monitoring use of our goods and services;
(vii) contacting you to ask for your feedback or testimonials;
(viii) providing internal training and development;
(ix) if you are a supplier: to facilitate purchasing goods or services from you, and enquiring about your products and services;
(x) if you are a visitor, end user or merchant: to streamline and personalise your experience within our Platforms, tailoring our information, goods and services for you, improving the performance, functionality, and user experience of our Platforms, diagnosing issues, bugs, and user difficulties, providing customer support, and conducting internal training and development; and
(xi) if you are an applicant: to assist us in considering your application with us.
(b) to provide you with information about other goods and services that we or our related entities and other affiliated organisations offer that may be of interest to you. You may unsubscribe from our mailing/marketing lists at any time by using the unsubscribe feature on any emails we send, or otherwise by contacting us in writing;
(c) to de-identify and aggregate Personal Information about you and your use of our goods and services to improve the quality of our goods and services, and for research purposes. If we delete your Personal Information in line with relevant internal policies (see section 9 below), we may retain de-identified and anonymised information (that can no longer be associated with you) and may continue to use this de-identified data indefinitely without further notice to you; and
(d) for any other purpose identified at the time of collection.
5.2 We are also required to collect, hold, use, and disclose Personal Information to fulfil our legal requirements, both at law and under contractual arrangements with you. For some of our services, this includes the collection of KYC information to verify your identity and any potential financial or legal risks involved with maintaining a business relationship with you.
5.3 We may use or disclose Personal Information for secondary purposes where it would be reasonable to expect us to do so, and that secondary purpose is related (or directly related in the case of Sensitive Information) to the primary purpose set out above.
6. Who we disclose Personal Information to
6.1 We generally disclose your Personal Information for the purposes for which it was collected (set out above). We may disclose Personal Information about you to:
(a) our related entities;
(b) our employees, contractors, consultants and other parties who require the information to assist us with the purposes for which it was collected, and with establishing, maintaining or terminating our relationship with you;
(c) third parties to whom you have agreed we may disclose your information and where the information was collected from you (or from a third party on your behalf) for the purposes of passing it on to the third party;
(d) government departments and agencies where required by law; and
(e) any other entity as otherwise required or authorised by law, including regulatory bodies.
6.2 We may also disclose your Personal Information to:
(a) integrated third party service providers who support our business operations and assist us in delivering services to you, including third parties that provide:
(i) services for the secure management and processing of KYC information;
(ii) development and software engineering services;
(iii) tracking and error logging metric services;
(iv) authentication services;
(v) customer support and communication services;
(vi) customer relationship management and lead conversion services;
(vii) marketing and performance insight services, including email and SMS engagement platforms and business analytics programs; and
(viii) for merchants and end users using our Oolio Pay services, services to facilitate the delivery of our payment processing services;
(b) third party delivery partners; and
(c) other third party service providers who assist us in operating our business and providing information, resources, goods and services to you or someone else on your behalf (including insurers, IT and technology service providers, recruitment providers, and professional advisers such as lawyers, accountants, and auditors).
6.3 Where we disclose Personal Information to a third party service provider, we take reasonable steps to ensure these service providers have appropriate security for your Personal Information and use it only for the purposes for which it was collected.
6.4 We may expand or reduce our business, and this may involve the sale and/or transfer of control of all or part of our business. Personal Information, where it is relevant to any part of the business for sale and/or transfer, may be disclosed to a proposed new owner or newly controlling entity for their due diligence purposes, and upon completion of a sale or transfer, will be transferred to the new owner or newly controlling party to be used for the purposes for which it was provided.
7. Direct marketing
7.1 We will only send you direct marketing communications and information about our goods and services with your consent (which may be implied in some circumstances). We use various mediums including mail, email, SMS, and push notifications to send direct marketing communications.
7.2 If you do not provide your consent to receive direct marketing communications, you may opt-out of receiving marketing communications from us by contacting us at the details below or by using the opt-out facilities provided in our communications.
7.3 We do not provide your Personal Information to other organisations for the purposes of their direct marketing and will not sell, rent, or lease our customer lists to third parties. Our practices in regard to our emails are designed to be compliant with anti-spam laws, including Australia’s Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth). If you believe you have received mail in violation of these laws or any other anti-spam law, please contact us using the contact information in this Privacy Policy.
8. Overseas disclosure
8.1 We are assisted by a variety of external service providers to operate our business and to provide you or someone else on your behalf with the information and services sought. Some of these service providers may be located overseas, including the UK, the Philippines, India, Vietnam, Sri Lanka and the USA.
8.2 We take reasonable steps to ensure these service providers have appropriate security measures in place to protect your Personal Information and use it only for the purposes for which it was collected.
2. How we store and protect Personal Information
2.1 We store your Personal Information in different ways, including in paper and electronic form. We take reasonable measures to ensure your Personal Information is stored in a manner that reasonably protects it from interference, misuse and loss and from unauthorised access, modification or disclosure, including by taking reasonable electronic and physical security measures, including limiting access to your Personal Information and using secure storage functions where appropriate.
2.2 When we no longer need your Personal Information for the purpose for which we collected it, we will (in most circumstances) take reasonable steps to destroy or permanently de-identify your Personal Information in accordance with our internal practices and policies. However, most of the Personal Information is or will be stored and kept by us for a minimum of seven years (unless legislation requires us to destroy or permanently de-identify it sooner).
2.3 Despite the reasonable steps we take to secure your Personal Information, if you provide any Personal Information to us in any form (including electronically, via our Platforms, by email, or over the phone) or if we provide Personal Information to you by such means, the privacy, security and integrity of your Personal Information cannot be guaranteed during its transmission unless we have indicated beforehand that a particular transaction or transmission of information will be protected (for example, by encryption).
9. Third party sites
9.1 Our Platforms and online services (including email messages we send you) may contain links to other websites, online services, and resources maintained by a third party (Other Services). This Privacy Policy does not apply to such Other Services and Oolio is not responsible for those Other Services. If you access such Other Services, you do so at your own risk and we make no representations or warranties regarding third parties’ privacy practices.
9.2 We encourage you to read the privacy collection statements and privacy policies of every Other Service you use. When we do link to an Other Service, this does not automatically imply that Oolio endorses that Other Service and their contents.
10. Accessing or correcting your Personal Information
10.1 You may access the Personal Information we hold about you, subject to certain exceptions. If you wish to access your Personal Information, please contact us via the below:
Address: Oolio Pty Limited, 351 William Street, West Melbourne, VIC 3003
Email: support@oolio.com
Telephone: 1300 166 546
Website: oolio.com
10.2 There are no charges for requesting access to or the correction of your Personal Information, however we reserve our rights to charge you any reasonable administration fees associated with your request. We will notify you in advance of any applicable fees.
10.3 We endeavour to respond to those requests within 30 days, but will otherwise respond within a reasonable period. We may decline a request for access to Personal Information in circumstances prescribed by the Privacy Act. If we decline a request for access, where reasonable, we will provide you our reasons and information about your ability to complain about such refusal.
10.4 In order to protect the confidentiality of your Personal Information, details of your information will only ever be passed on to you where we are satisfied that the information relates to you. Accordingly, we may request documentation from you which confirms your identity before passing on any Personal Information which relates to you.
10.5 If you believe the information we hold about you is incomplete, not up to date, or is inaccurate, please advise us as soon as practicable. We will take reasonable steps to correct the information if we agree that it is incomplete, out of date, or inaccurate. We will strive to process any request within 30 days.
11. Making a complaint
11.1 If you have any queries or concerns about our Privacy Policy, or the way we handle your Personal Information, or you wish to make a complaint about a breach of the Privacy Laws or this policy please contact us using the details above and we will take reasonable steps to investigate the complaint and respond to you.
11.2 If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner, Australia. To lodge a complaint, visit the ‘Complaints’ section of the Information Commissioner’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.
12. Further information
12.1 If you require any further information or have any queries regarding our Privacy Policy, please contact our Privacy Officer at the details set out above.
12.2 Should you wish to read more information on the Privacy Act, we recommend that you visit the website of the OAIC at www.oaic.gov.au.
13. New Zealand specific provisions
13.1 If you request access to your Personal Information, we endeavour to respond your request within 20 working days after the day on which the request is received. We may decline a request for access in circumstances prescribed by the Privacy Act. If we decline a request for access, we will provide you our reasons and information about your ability to complain about such refusal.
13.2 If you believe that the information we hold about you is incomplete, not up to date, or is inaccurate, please advise us as soon as possible. We will take reasonable steps to correct the information if we agree that it is incomplete, out of date or inaccurate. We will strive to process any requests in no more than 20 working days after receiving the request. In some circumstances we may notify you that we will not correct the Personal Information and will provide you with our reasons for refusal, information about your entitlement to provide a statement of correction sought and to request that it be attached to the information and inform you about your ability to complain about such refusal.
13.3 To lodge a complaint of the nature set out in clause 12.1, you can submit a complaint to the Office of the New Zealand Privacy Commissioner, by visiting the “Submit a Complaint” section on of the New Zealand Privacy Commissioner’s website, located at https://www.privacy.org.nz/your-rights/making-a-complaint-to-the-privacy-commissioner/complaint-landing-page/ to obtain the relevant complaint forms, or contact the New Zealand Privacy Commissioner’s office.
13.4 For further information on the Privacy Act, we recommend that you visit the website of the New Zealand Privacy Commissioner https://www.privacy.org.nz/.