Skip to main content

MobilityDesk & MobilityWallet Privacy Policy

This privacy policy applies to the handling of personal data by NothingSoftware Pty Ltd trading as MobilityDesk and MobilityWallet (MobilityDesk, MobilityWallet, we, us, our) of Level 26, 88 Phillip Street, Sydney NSW 2000.

We understand the importance of, and are committed to, protecting your personal data and will always store your personal data in accordance with the laws of the countries in which we provide services to you. This Privacy Policy explains how we manage your personal data, including our obligations and your rights in respect of our dealings with your personal data, in the various locations in which we operate.

This Privacy Policy is made of up two sections.

  • Section 1 applies to you if you are located in Australia, or if you provide personal information to us in a way which means Australian privacy laws apply to our handing of that personal information.
  • Section 2 also applies to you in addition to the protections in section 1 if you are located in the European Union, the United Kingdom or any other country or if you provide personal data to us in a way which means the EU or UK laws in relation to privacy apply to our handing of that personal data. To the extent that anything in section 2 is not consistent with anything in section 1, section 2 would apply to you.

Section 1 – Australian Privacy Terms

This Section 1 describes how we manage your personal information (that is, information or an opinion about you, whether true or not, which identifies you or from which your identity is reasonably identifiable) under Australia’s privacy laws. In collecting, holding, using, disclosing and otherwise managing your personal information, we will comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles in the Privacy Act.

We will regularly review our policies and procedures regarding personal information and may therefore update and amend this privacy policy from time to time. Any updated privacy policy will be made available on our website located at https://mobilitydesk.com or can otherwise be obtained by contacting us using the details set out in paragraph 11 below and requesting a copy.

1. What we collect

Personal information. The types of personal information we may collect and hold about you will depend on a range of circumstances, including who you are and which of our services and products you are looking to access or use. For instance, we generally need to collect more personal information about users of the MobilityDesk platform than about visitors to our website.

Generally, the personal information we collect can include (but is not limited to):

  1. your name, date of birth, age, gender, postcode and other demographic information;
  2. your contact information, such as your email, postal and work addresses and phone numbers;
  3. your identification details, such as your driver’s licence number or passport details;
  4. visa and immigration status and proof of residency;
  5. your employment status and information regarding your income and financial standing;
  6. billing and financial information (such as your banking or payment information, credit card number, cardholder name and expiration date);
  7. information about properties you own;
  8. your preferences regarding our products and services, or the products and services of the service providers on the MobilityDesk platform;
  9. any information which is publicly available, including on a third party social media service;
  10. other information necessary to provide you with information regarding products or services or to undertake any transactions or dealings with you by us or the service providers on our MobilityDesk platform; and
  11. any other information you provide us from time to time, including your preferences or opinions relating to our products, and information relating to surveys, competitions, enquiries or complaints.

Technology information. MobilityDesk collects internet/technology related information from visitors to our website or users of our platforms and online services (including the Mobility Desk platform), including your IP address, which browser you used to come to the website or platform, the country, state or province from where you accessed our website or platform, the pages of our site that you viewed during your visit and any search terms entered on our site. If you do not provide us with the personal information we request from you, we may not be able to supply the products or services you have requested, or we may be restricted in the way we supply those products or services.

Sensitive Information. We will only collect sensitive information about individuals if it is reasonably necessary for our services and products you are looking to access or use. Information about your health, racial or ethnic origin, political persuasions, membership of a trade union or association, criminal record and religious or philosophical beliefs are all examples of sensitive information. By proceeding to register an account with us you consent to the collection of your sensitive information for these purposes.

As required by law. We may also hold other kinds of personal information as permitted or required by law or other kinds of personal information that we notify you of at or about the time of collection.

2. How we collect your personal information

How we collect. We will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you. We may collect personal information through some of the following means:

  1. when you register for an account with us, request information or services form us, or otherwise provide us with your details;
  2. where you enter into, or propose to enter into, a contract with us, including in relation to the provision of global mobility solutions software and related services;
  3. where you use our websites, products or other online services or otherwise interact with us, including when you use the MobilityDesk platform;
  4. in the course of administering, performing or managing contracts with our service providers or other third parties;
  5. when you provide us with information in response to direct marketing or customer satisfaction and market research surveys and questionnaires;
  6. in the course of administering or providing any of our services;
  7. when you apply for employment with us; and
  8. as otherwise required to manage our business.

Third party collection. There may be occasions where MobilityDesk collects your personal information from someone other than you, for example:

  1. from your bank or other relevant financial institutions;
  2. from your employer;
  3. from credit agencies or credit-reporting bodies;
  4. from government or regulatory authorities;
  5. from third party service providers on the MobilityDesk platform;
  6. from publicly maintained records or other publicly available sources of information including social media and third party websites;
  7. from third parties you authorise to disclose your information to us (including banks and other third party financial services);
  8. from our vendors, suppliers or other business partners that help provide our services (for example, service providers on the MobilityDesk platform); or
  9. from any other third party in connection with our products or services (including law enforcement agencies, emergency services, and referees).

We may collect our personal information from sources other than you if it is unreasonable or impracticable to collect that personal information from you. If we collect any personal information about you from someone other than you, to the extent not already set out in this Privacy Policy, we will inform you of the fact that we will collect, or have collected, such information and the circumstances of that collection before, at or as soon as reasonably practicable after we collect such personal information.

MobilityDesk users: When using our services, our customers may upload documents to the MobilityDesk platform containing personal information (including sensitive personal information) relating to you or third parties. We will not access these documents or view their content in the normal course, unless instructed by the relevant customer or where required as part of our services. We process any personal information contained on behalf of, and pursuant to the instructions of, you or our customers. You acknowledge and agree that it is impracticable for us to obtain your consent for collection of personal information in documents uploaded to the MobilityDesk platform by our customers, where you are not a user of the platform.

Authority. If you provide us with the personal information of another individual, without limiting any other provision of this Privacy Policy, you acknowledge and agree that the other individual:

  1. has authorised you to provide their personal information to us; and
  2. consents to us using their personal information in order for us to provide our products and services.

Unsolicited information. If we receive unsolicited personal information about you that we could not have collected in accordance with this Privacy Policy and the Privacy Act, we will, within a reasonable period, destroy or de-identify such information received.

Anonymity. If you would like to access any of our products or services on an anonymous or pseudonymous basis we will take reasonable steps to comply with your request, however:

  1. you may be precluded from taking advantage of some or all of our products and services or the products and services of the service providers on the MobilityDesk platform; and
  2. we will require you to identify yourself if:
    • we are required by law to deal with individuals who have identified themselves; or
    • it is impracticable for us to deal with you if you do not identify yourself.

3. Purposes for which personal information is used

Primary and secondary purposes. We collect personal information from and you consent to us using your personal information (other than sensitive information) for the following primary and secondary purposes:

  1. to communicate with you;
  2. respond to your queries and provide you with information you request from us;
  3. to offer and provide you with our products and services or the products and services of the service providers on the MobilityDesk or MobilityWallet platforms, or request feedback about products and services you have received;
  4. to manage and administer the products and services referred to in paragraph (c) above;
  5. to offer you access to the functionality of the MobilityDesk platform and the service providers on the platform;
  6. to comply with our legal and regulatory obligations;
  7. to help us meet our contractual obligations;
  8. to personalise and customise your experiences with us and the MobilityDesk platform;
  9. to investigate any complains about or made by you, or if we have a reason to suspect you have breached any relevant terms;
  10. to appropriately manage and conduct our business, including performing administrative functions such as billing and accounts and records management;
  11. for any purpose disclosed to you and to which you have consented;
  12. for any purpose that you would otherwise reasonably expect;
  13. to do anything else as required or permitted by any law.

Use of your personal information. In addition to the purposes listed above, MobilityDesk may use your personal information (other than sensitive information) for purposes related to the above purposes, other purposes which we notify you of when we collect the information and for purposes otherwise permitted or required by law.

Reasonable steps. Where personal information is used or disclosed, MobilityDesk takes steps reasonable in the circumstances to ensure it is relevant to the purpose for which it is to be used or disclosed.

Refusal to provide personal information. You are under no obligation to provide your personal information to MobilityDesk. However, without certain information from you, MobilityDesk may not be able to provide services or information to you or may be limited in how we can interact with you. We may also be limited in our ability to provide services to our customers in relation to the services they provide to you via the MobilityDesk platform.

Third parties. We do not sell, rent or lease your personal information to third parties. However, we may disclose personal information to third parties for purposes described in this paragraph 3.

4. Disclosure

How we disclose. We may disclose personal information and you consent to us disclosing such personal information (other than sensitive information) to:

  1. our related companies, agents and organisations;
  2. our suppliers and subcontractors;
  3. service providers and partners on the MobilityDesk platform for the purpose of providing products and services to you;
  4. third parties such as our contractors, suppliers, partners, affiliates, insurers, service providers, including organisations that provide us with technical and support services to enable us to run our business;
  5. our professional advisors or consultants, where permitted by the Privacy Laws; and
  6. entities seeking to acquire all or part of our business, or other entities with your consent.

Third party protection. If we disclose information to a third party, we generally require that the third party protect that information to the same extent that we do.

5. Overseas transfers of personal information

Overseas recipients. Some of the parties that MobilityDesk discloses your personal information to may be located outside of Australia, including our cloud hosting providers and the service providers and partners on the MobilityDesk platform. You acknowledge and consent to us sending your personal information to those entities as set out in paragraph 4 if they are located overseas. If you do not want us to disclose your information to overseas recipients, please let us know.

Cloud servers. We have cloud servers located in the United States of America and the United Kingdom and the entities referred to in paragraph 4 may access and view your personal information in those locations if needed for specific projects.

Reasonable protections. We take reasonable steps to ensure that any such overseas recipients do not hold, use or disclose your personal information in a way that is inconsistent with the obligations imposed under the Privacy Act and the Australian Privacy Principles in the Privacy Act.

6. Direct marketing

Why we direct market. Like most businesses, marketing is important to our continued success. We believe we have a unique range of products and services that we provide to customers at a high standard. We therefore like to stay in touch with customers and let them know about new opportunities.

How we direct market. From time to time we may contact you with information about new products, services and promotions either from us, or from third parties which may be of interest to you. In these situations, your personally identifiable information is not transferred to the third party. We will not disclose your personal information to third parties for marketing purposes without your consent.

Format of direct marketing. Communications may be sent to you through electronic messages such as email, SMS and other messaging applications. We may also contact you through social media channels where you choose to interact.

Opt out. You may opt out at any time from receiving communications from us that are not account related or legally required by making a request in writing to our Privacy Officer at hello@mobilitydesk.com or by using the ‘unsubscribe’ function contained in every electronic direct mail or SMS message you receive from us.

7. Cookies

What is a cookie. A ‘cookie’ is a small text file placed on your website browser for a pre-defined period of time by our website server for later retrieval. Cookies are frequently used on websites and you can choose if and how a cookie will be accepted by configuring your preferences and options in your browser. Cookies do not alter the operation of your computer or mobile device in any way.

The use of cookies. We use cookies to identify specific machines and website interactions in order to collect aggregate information on how visitors are experiencing our website and our platforms. This information will help to better adapt our website and platforms to suit our customers’ requirements. While cookies allow a computer or mobile device to be identified, they do not permit reference to a specific individual, unless you have previously subscribed to our websites or submitted a form via our websites.

Our platform. When you visit our websites (including the MobilityDesk platform) or our other online services, we will generally leave a ‘cookie’ in the memory of your web browser. The website or other online service may only function properly if cookies are enabled. Our websites, platforms and online services (including the online version of the MobilityDesk platform) may use persistent cookies to authenticate you as a user and display content that is relevant and specific to you.

Disabling cookies. We hope you will want the better service that cookies allow, but if you prefer, you can update your browser settings to disable cookies. However, by doing that, your access to our website (including the online version of the MobilityDesk platform) and other online services may be compromised or limited. This may also affect the provision of certain services through our website or other online services.

8. Protection of personal information

Storage. We may hold personal information as either secure physical records, electronically on our intranet system, in cloud storage or on third party servers. We maintain appropriate physical, procedural and technical security for our offices and information storage facilities so as to prevent any loss, misuse, interference, unauthorised access, disclosure, or modification of personal information, including when we dispose of personal information.

Restricting access. We further protect personal information by restricting access to personal information to only those who need access to the personal information to do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.

Obligation to notify. Please contact us immediately if you become aware of or suspect any misuse or loss of your personal information occurring in connection with our products or services, or the products or services provided under or in connection with the MobilityDesk platform.

Destruction: We will destroy or de-identify personal information if:

  1. the purpose for which we collected the personal information from you no longer exists or applies; or
  2. you request us to destroy your personal information, and we (or our service providers) are not required by law to retain your personal information.

You acknowledge that our customers, on whose behalf we hold certain information on the MobilityDesk platform, may be legally entitled or required or entitled to retain your personal information for purposes and for periods that are not specifically provided in this Privacy Policy.

9. Accessing and correcting your personal information

Accuracy of personal information. MobilityDesk takes steps reasonable in the circumstances to ensure any personal information it holds is accurate, up-to-date, complete, relevant and not misleading.

Privacy Act. In addition, under the Privacy Act, you may have a right to seek access to and correction of your personal information that is collected and held by MobilityDesk. If at any time you would like to access or correct the personal information that MobilityDesk holds about you, or you would like more information on MobilityDesk’s approach to privacy, please contact us using the details set out in paragraph 11 below.

Accessing your personal information. To obtain access to your personal information:

  1. you will have to provide proof of identity to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected;
  2. we request that you be reasonably specific about the information you require; and
  3. we may charge you a reasonable administration fee, which reflects and will not exceed the cost to MobilityDesk for providing access in accordance with your request.

Response to access request. If you make a request for access to personal information, we will:

  1. respond to your request within a reasonable period after the request is made; and
  2. if reasonable and practicable, give access to the personal information as requested.

If MobilityDesk refuses your request to access or correct your personal information, we will provide you with written reasons for the refusal and details of complaint mechanisms.

Customer data. If your request for access to personal information relates to personal information we hold on behalf of a MobilityDesk customer, we may check whether the request complies with the customer’s obligations at law or whether an exception applies in respect of your request to access that personal information.

Exceptions. We are not obliged to allow access to your personal information if:

  1. it would pose a serious threat to the life, health or safety of any individual or to the public;
  2. it would have an unreasonable impact on the privacy of other individuals;
  3. the request for access is frivolous or vexatious;
  4. it relates to existing or anticipated legal proceedings between you and us and would not ordinarily be accessible by the discovery process in such proceedings;
  5. it would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations;
  6. it would be unlawful;
  7. denying access is required or authorised by or under an Australian law or a court/tribunal order;
  8. we have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
  9. it would likely prejudice one or more enforcement related activities conducted by, or
  10. on behalf of, an enforcement body;
  11. it would reveal commercially sensitive information; or
  12. a relevant law provides that we are not obliged to allow access to your personal information (eg. the GDPR).

Compliance with laws.

Response to correction request. If you otherwise make a request for us to correct your personal information, we will:

  1. respond to your request within a reasonable period after the request is made; and
  2. if reasonable and practicable, correct the information as requested.

Refusal to correct. If we refuse a request to correct personal information, we will:

  1. give you a written notice setting out the reasons for the refusal and how you may make a complaint; and
  2. take reasonable steps to include a note with your personal information of the fact that we refused to correct it.

Complaints. If you are dissatisfied with MobilityDesk’s refusal to grant access to, or correct, your personal information, you may make a complaint to us or the Office of the Australian Information Commissioner by using the contact details set out in paragraph 11.

10. GDPR

Definitions. For the purposes of this paragraph 10, “Personal Data” has the meaning given in Article 4 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th 2016 most commonly referred to as the ‘General Data Protection Regulation’ or ‘GDPR’.

EU. If we become aware that you are a citizen of, or are located within, the European Union at the time at which we collect Personal Data about you, or at the time at which we propose to transfer Personal Data about you overseas, we will take steps to ensure that we comply with Articles 45 to 49 of the GDPR in relation to the transfer of your Personal Data overseas. However, you acknowledge that as you are receiving services from us within Australia, you are required to provide us with written notice of our need to comply with the GDPR in relation to your Personal Data if you wish for us to take steps that are not already set out in this privacy policy.

Restriction. If you are a citizen of, or are located within, the European Union at the time at which we collect Personal Data about you, or at the time at which you make a relevant request to access or correct your personal information under paragraph 9, we will take steps to ensure that we comply with a request by you to restrict the use of your Personal Data pursuant to Article 18 of the GDPR. You acknowledge that, depending on the nature of the restriction you request, we may be unable to provide you with some or all of our products or services, or provide access to the MobilityDesk platform, if we comply with your request. In such circumstances, we will advise you of our inability to provide or continue to provide you with the relevant products, services or access, and if you confirm that you would like us to proceed with your request, we may:

  1. terminate a relevant agreement or other document with you in relation to our products and services; or
  2. remove or restrict your access to our website, our online services or the MobilityDesk platform.

11. Contacting and complaints

Contact information. If you have any questions, concerns or complaints about this Privacy Policy, or about how we handle your personal information and credit information (including under the APPs or other binding codes), please contact our Privacy Officer at NothingSoftware Pty Ltd, Level 26, 88 Phillip Street, Sydney NSW 2000, or via email at hello@mobilitydesk.com.

Complaints. If you have a complaint about how we collect, use, disclose, manage or protect your personal information, or consider that we have breached the Privacy Act or Australian Privacy Principles, please contact us using our contact details below. We will respond to your complaint within 14 days of receiving the complaint.

Response and resolution. Once the complaint has been received, we may resolve the matter in a number of ways:

  1. We may request further information from you. Please provide us with as much information as possible, including details of any relevant dates and documentation. This will enable us to investigate the complaint and determine an appropriate solution.
  2. We will discuss options for resolution with you and if you have suggestions about how the matter might be resolved you should raise these with our Privacy Officer.
  3. Where necessary, the complaint will be investigated. We will try to do so within a reasonable time frame. It may be necessary to contact others in order to proceed with the investigation. This may be necessary in order to progress your complaint.
  4. If your complaint involves the conduct of our employees we will raise the matter with the employees concerned and seek their comment and input in the resolution of the complaint.

Notice of decision. After investigating a complaint, we will give you a written notice about our decision.

OIAC. If you are dissatisfied with how we handle your complaint, you may contact:

Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
1300 363 992 or via email at enquiries@oaic.gov.au.

12. Further information regarding the Privacy Laws

If you would like further information relating to the application of the Australian Privacy Principles, please visit www.privacy.gov.au.

13. Personal information about employees

We collect information in relation to employees as part of their application and during their employment, either from them or in some cases from third parties such as recruitment agencies. We handle employee information in accordance with the requirements of the Privacy Act and our applicable policies in force from time to time.

14. Changes

We reserve the right to change the terms of this section of our Privacy Policy from time to time without notice to you. An up-to-date copy of our Privacy Policy is available on our website or on request. This document was last updated on 15 August 2023.

Section 2 – Additional requirements for EU & other countries

15. Information We Collect:

We may collect and process various types of personal data about you, including but not limited to:

  1. Contact information (name, email address, postal address, phone number)
  2. Account information (username, password, profile data)
  3. Usage data (log files, IP address, browser type, device information)
  4. Communication data (correspondence, feedback, survey responses)
  5. Payment and transaction data (if applicable)
  6. Cookies and tracking technologies data (see our Cookie Policy for more details)
  7. Other information you voluntarily provide to us.

16. How We Use Your Data:

We may use your personal data for various purposes, including:

  1. Providing and improving our Services
  2. Communicating with you (responding to inquiries, sending updates)
  3. Managing your account and personalizing your experience
  4. Processing transactions and payments (if applicable)
  5. Sending promotional offers and marketing communications (with your consent)
  6. Complying with legal obligations
  7. Protecting our rights and interests.

17. Legal Basis for Processing:

We process your personal data based on various legal grounds, including:

  1. Performance of a contract (providing our Services)
  2. Legitimate interests pursued by us or a third party
  3. Compliance with a legal obligation
  4. Consent you provide for specific processing activities.

18. Sharing Your Data:

We may share your personal data with:

  1. Third-party service providers (processors) who assist in delivering our Services
  2. Business partners and affiliates
  3. Legal authorities or regulatory bodies when required by law
  4. Acquirers or potential acquirers in the event of a merger, acquisition, or sale.

19. Your Rights:

As an EU national, you have certain rights regarding your personal data, including:

  1. Accessing and obtaining a copy of your personal data
  2. Rectifying inaccurate data
  3. Erasing your data (right to be forgotten)
  4. Restricting processing in certain circumstances
  5. Objecting to processing based on legitimate interests
  6. Withdrawing consent (if processing is based on consent)
  7. Data portability.

20. Data Transfers:

Your personal data may be transferred and processed in countries outside the European Economic Area (EEA). We will ensure such transfers are compliant with applicable data protection laws.

21. Data Security:

We take appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.

22. Children’s Privacy:

Our Services may include children under the age of 16. We do not knowingly collect personal data from children without parental consent.