Webscale Pty Ltd, trading as KeyPay
Privacy Policy

Learn how KeyPay treats personal data across the websites we operate and services we provide.

For our EU/UK specific privacy policy, please click here.

1. Overview

Welcome to Webscale Pty Ltd, trading as KeyPay! We value the trust you place in us when providing us with your Personal Information, and we aim to protect your information to the highest of standards as we provide our products and services to you. This Privacy Policy was last updated on 9 December 2022. If you have any questions about the latest changes to this policy, please see the FAQs page on our Help Centre.

View the archived versions of our Privacy Policy.

2. Scope

At KeyPay, we are committed to safeguarding the privacy of the customers and users (“you” or “your”) of our Services, including the users of the KeyPay Platform, and individuals who visit the KeyPay websites.

This Privacy Policy applies to all Personal Information that we collect, use, or disclose when providing the websites, platforms, apps, products, and services owned or operated by us, including the KeyPay websites, KeyPay Platform, and its related apps (together known as “Services”).

By providing Personal Information to us, or using our Services, you consent to our collection, use and disclosure of your Personal Information in accordance with this Privacy Policy and any collection notices provided to you from time to time.

The Personal Information that we collect will be used to provide you with access to our KeyPay Platform and our related apps. We may provide Personal Information to any of our Related Bodies Corporate including Employment Hero Holdings Pty Ltd, Employment Hero Pty Ltd, Employment Hero Financial Services Pty Ltd, EI Research & Development Pty Ltd, KeyPay Ltd UK and PensionSync Ltd UK. We provide Personal Information to these Related Bodies Corporate in connection with the uses described below.

3. Privacy Policy Amendment

We may change our Privacy Policy from time to time by publishing changes to it on the KeyPay website. These changes will apply to your use of our Services from the date of publication or any other specified date. We encourage you to check the KeyPay website periodically to ensure that you are aware of our current Privacy Policy.

If the changes to our Privacy Policy is significant and you have an account with us, we will let you know through your account or by email.

See archived versions

4. Who are we?

In this policy, “KeyPay, we”, “us” or “our” means Webscale Pty Ltd, trading as KeyPay and its Related Bodies Corporate as defined in the Corporations Act 2001 (Cth), affiliates and subsidiaries. If you want to know who we are please see our list of affiliates here.

5. What is Personal Information?

The term “Personal Information” means any information, opinion, or data that we collect about an individual where that individual is identified or where that individual is reasonably identifiable. It also includes “Personal Data”, or similar terms as defined in any applicable privacy or data protection laws.

“Personal Information” is information or opinions about you which:

  • can be used to identify, contact, or locate you; or
  • can be combined with other information that is linked to you.

If you can’t be identified (for example, when Personal Information has been aggregated and anonymised) then this notice doesn’t apply.

A subset of Personal Information is “Sensitive Information”. Sensitive information includes information or an opinion about a person’s race, gender diversity, sexual orientation, disability, ethnic origin, political opinions, membership of a political association, membership of a professional or trade association, heath, religious or philosophical beliefs, and criminal history.

6.   What Personal Information do we collect?

The types of Personal Information we may collect, and hold will vary depending on your dealings with us including your use of our KeyPay Platform, and when you provide information whilst browsing the KeyPay website.

We may collect, use, or disclose Sensitive Information with your consent when providing our Services to you. We may also process your ‘Sensitive Information’ held in the documents uploaded to the KeyPay Platform by you or your employer.

By providing Personal Information including Sensitive Information to us or consenting to a third party (such as your employer) providing such information to us, you consent to our collection and use of that information as set out in this Privacy Policy.

(a)   Personal Information we collect when you use our Services

We may collect Personal Information from you as a customer or end-user of our Services. Personal Information we collect when you use our Services may include, but is not limited to, the following:

  • individual information including name, date of birth or age, gender, sex, and marital status;
  • business information including company or business name, and other information regarding your business and/or employees that can be used to identify an individual;
  • contact information including residential and/or postal address, email address, telephone number, and social media handles
  • current and past employment related information including occupation or job title, information relating to your current employer, information relating to your former employer and role, key dates relating to your current role and/or past roles, superannuation information, salary and/or pension details including documents such as payslips and payment summaries, citizenship and visa status for work eligibility purposes, emergency contact information, tax information, details of hours worked; 
  • billing information including payment details such as banking, or debit/credit card details; and
  • Sensitive Information including health or disability information, biometric information, immigration information, criminal history and background checks, and any diversity related information such as racial and/or ethnic origin.

(b)  Personal Information we collect from your other interactions with us

We collect Personal Information when you interact with us, such as when you use our websites, communicate with us via email, telephone, social media or chatbots, make enquiries regarding demos, or when we collect feedback from you on the Services we provide. The Personal Information we may collect in these circumstances include individual or business name, address, email, phone number, company/employer, job function, team size, date, time, and reason for contacting us, survey and research responses, social media information, and call recordings.

(c)  Personal Information we collect from you automatically

We automatically collect usage information when you browse our websites or use our Services to improve our Services and enhance your user experience. This information includes digital interactions data, i.e., how you use our digital properties (including websites, social media sites, apps, electronic communications, and third-party websites), metadata (collected on an anonymous basis), consumer analytic data(collected on an anonymous basis but which can be attributed to you based on other information we have about you), log file information, information about the type of device and operating system used by you, location information, computer IP addresses, and marketing and cookie preferences, including any consent you have given us.

(d)  Personal Information we collect from you about third parties

From time to time, you may provide us, and we may collect from you, Personal Information of or about a third party (for example, information you put into the KeyPay Platform as an employer on behalf of your employees). When you provide the Personal Information of a third party, it is your responsibility to ensure that the necessary consent has been acquired or other lawful basis is relied on, and that those individuals are aware of this Privacy Policy, and that they understand it and agree to accept it.

7.    How is your Personal Information collected?

We collect Personal Information when you use our Services, and through your other interactions with us. We may also collect your Personal Information from third parties where it is necessary for the purposes of providing our Services to you.

(a)   Collection of Personal Information directly from you

We collect Personal Information directly from you:

  • when you use our Services, and/or interact with our websites, platforms and apps, such as when you input your details or upload documents into your account through use of the KeyPay Platform or our related apps;
  • by dealing with you in person or over the phone, for example when asking for contact details from you so you can sign up to a trial, or when you request support;
  • virtually through electronic communications including emails, SMS, or video conference, or through our platforms, apps, social media platforms and websites, including through the use of sign-up features and chatbots; and
  • when you fill out and submit registration forms, and customer feedback or survey forms.

(b)   Collection of Personal Information from third parties

We may also collect your Personal Information from third parties where you have provided consent or where there is a legal basis for such collection. Third parties that provide us with Personal Information may include Bureau Payroll Providers who process payrolls on behalf of a company which may use our Services, and employers who provide information about employees through the KeyPay Platform for the purpose of using our Services. Personal Information may also be collected through third-party APIs, and by third party service providers who are permitted to disclose that information to us to support our delivery of Services or direct marketing activities.

We may also collect Personal Information about you through our Related Bodies Corporate for the purpose of delivering our Services to you.

If someone has entered your Personal Information onto the KeyPay Platform on your behalf, you’ll need to contact that user for any questions you have about your Personal Information (including when you want to access, correct, or amend the information, or request that the user delete your Personal Information).

8.    How we use your Personal Information

The primary purpose for which we collect Personal Information about you is to enable us to perform our business activities and provide our Services to you. We collect, hold, use, and disclose your Personal Information for the following purposes:

  • to provide our Services to you, including providing access to the payroll, human resources and Superannuation services provided via our platform;
  • to manage and enhance our Services, and to personalise and customise your experience with our Services, and to provide you with any necessary support to receive our Services;
  • to allow superannuation funds to check your membership with them and provide access to the services of your superannuation fund (where you have subscribed to receiving our Superannuation services);
  • to provide you with information about our existing and new products and services (including for direct marketing purposes as described below);
  • to verify your identity and enable us to monitor suspicious or fraudulent activity;
  • to investigate any complaints made by you, or made about you;
  • to investigate any suspected breach of any of our terms and conditions or unlawful activity engaged in by you;
  • for any other purpose we reveal to you at the time of collection; and
  • to meet our obligations and exercise our rights under applicable laws.

We may use Personal Information for the purpose of allowing third parties to provide additional products and services to you where you made such a request or have given us consent to do so.

If you do not provide us with the Personal Information described in this Privacy Policy:

  • we may not be able to provide you with information about our Services that you requested;
  • we may not be able to provide you with a subscription and access to our Services that you requested; and
  • we may not be unable to tailor the content of our Services to your preferences and your experience of our Services may not meet your desired needs.

9.    How can we share your Personal Information

(a)  Sharing of Personal Information when providing our Services

We may share your Personal information within our corporate group and with other third parties from time to time for the purposes and means described in this Privacy Policy. In delivering our Services, we may disclose your Personal Information to:

  • our employees, Related Bodies Corporate, and contractors for the purposes of the delivery and operation of our Services, and fulfilling requests by you;
  • our Related Bodies Corporate for the purposes of the delivery of their Services to you where you have subscribed to their services, or where they integrate with us to provide our Services;
  • our existing or potential agents, partners or joint venture entities in the course of performing our business activities and providing our products and services to you;
  • relevant authorities and institutions including the tax authorities, payroll providers, banks, financial institutions, and superannuation providers in connection with the provision of our services or if required by law; and
  • the police, any relevant authority or enforcement body, or your internet service provider or network administrator if required by law or we consider it necessary for the protection of our systems or for the prevention or detection of illegal activity.

(b)   Sharing your Personal Information with third parties

We may disclose your Personal Information to specific third-party service providers who facilitate the delivery of our Services and operation of our business activities. We disclose your Personal Information to such third parties as doing so may be necessary to adequately provide our Services to you, or to assist us in analysing how our Services are used and ensure they are provided to you at the highest quality. These third parties are given access to your Personal Information only to perform these tasks on our behalf or for our benefit and are required not to disclose or use it for any other purpose.

Specifically, we provide Personal Information and Sensitive Information to Employment Hero Pty Ltd and Employment Hero Financial Services Pty Ltd in order to provide our users of the KeyPay Platform with the ability to choose, retain or engage with superannuation funds (Superannuation services). If you have subscribed to our Superannuation services, we may provide your Personal Information to our partner superannuation funds to check your membership with them (provided that you have given us consent to disclose your Personal Information to the superannuation funds). Upon your verification as a member of a superannuation fund, we will continue sharing your Personal Information with your chosen superannuation fund(including changes to your personal details, employment changes, life event information and other matters) only in connection with providing you access to their services.


10. Overseas disclosure of Personal Information

We may disclose your Personal Information to recipients located outside Australia, including our Related Bodies Corporate located in New Zealand, Singapore, United Kingdom, Malaysia, the Philippines, and Vietnam, and third-party service providers located globally, where it is deemed reasonably necessary for us to make such disclosure. Where we disclose Personal Information to overseas parties, we will ensure that the overseas recipient complies with the APP guidelines when dealing with the Personal Information, and we put safeguards in place to ensure your Personal Information remains protected.

When we disclose Personal Information overseas, we take measures to ensure your information is treated in accordance with at least the standards that apply in the country whose privacy or data protection laws apply to that Personal Information (other than when compelled to make disclosure under local laws).

For individuals in the European Union or the United Kingdom, this means that your data may be transferred outside of the European Union or the United Kingdom. For further information on our transfer mechanisms, please see our KeyPay EU/UK Privacy Policy and Data Processing Agreement.

11. Do we use your Personal Information for Direct Marketing? 

We may use Personal Information for direct marketing reasons by sending you news or information about our Services that you either request from us, or we believe may interest you. These communications may be sent in various forms, including mail, social media, SMS, or email.

Where you have subscribed to our Superannuation services, we may use your Personal information to directly market the products and services of your superannuation fund which we believe may be of interest to you.

Personal information collected for marketing purposes may be communicated to a third party where you have consented to the Personal Information being provided to the third party (for example by agreeing to provide information for directed marketing, including but not limited to, discounts, offers and promotions).

You can opt out of receiving our direct marketing communications at anytime by using any of our unsubscribe or opt-out mechanisms provided within our method of communication to you, or by contacting us via email at privacy@keypay.com.

We may still send you important notices relating to your account, operational activities, and technical updates, even after you have opted out of receiving marketing communications.

12. Storage & Security of Personal Information

Personal information held by us will be stored and managed by our third-party suppliers who store data on secure data centres. Further details on our third-party storage provider’s location and security can be found here.

While we take all reasonable steps to ensure the security of our system, we cannot provide any guarantee regarding security of the Personal Information and other data transmitted to the Services and we will not be held responsible for events arising from unauthorised access of your Personal Information.

We implement a variety of security measures to maintain the safety of your Personal Information when you enter, submit, or access your Personal Information.

We offer the use of a secure server. All supplied sensitive/credit information is transmitted using the latest 256-bitSecureSocket Layer (SSL) encryption technology and then encrypted into our payment gateway provider’s database only to be accessible by those authorised with special access rights to such systems and are required to keep the information confidential. 256-bit SSL encryption is approximated to take at least one trillion years to break and is the industry standard.

Processing of payments occurs using third party payment gateways and as such, your credit card information is never stored on our servers.

You can also play an important role in keeping your Personal Information secure, by maintaining the confidentiality of any password and accounts used on the Services. Please notify us immediately if there is any unauthorised use of your account by any other user, or any other breach of security relating to your account via email at privacy@keypay.com.


13. GDPR Compliance

Our processing of your Personal Information may at times be covered by the General Data Protection Regulation of the European Union (EU GDPR) and/or the General Data Protection Regulation of the United Kingdom (UK GDPR). Where our processing of Personal Information is covered by the EU GDPR and/or the UK GDPR, we will ensure compliance with such laws and regulations. For further information on how we comply with the EUGDPR and UK GDPR, please refer to the KeyPay EU/UK Privacy Policy.

14. Cookies and statistical analysis

The Services we provide use cookies which are small text files containing a string of alphanumeric characters which are sent to your computer that uniquely identifies your browser and lets us enhance your experience when using our Services such as helping you with logging in more efficiently, enhancing your navigation through our Services, and generally improving the user experience. Cookies also convey information to us about how you use our Services. When you use our Services, certain information may be recorded for statistical purposes. The information that may be recorded includes information regarding your:

  • server address;
  • domain name;
  • date and time of visit;
  • previous websites visited; and
  • browser type.

You can also read our Cookie Policy to further understand how cookies may be used to collect and use your Personal Information.  

15. Third-party links

The Services may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website. Third party websites are responsible for informing you about their own privacy practices and policies.

16. Google API policies

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

17. Access to and correction or deletion of your Personal Information

We will endeavour at all times to maintain an accurate record of your Personal information. To assist us in keeping our records up to date, you should ensure all Personal Information provided to us is accurate and up to date, and to notify us of changes where appropriate.

You have the right to access the Personal Information which we hold about you and for corrections to be made to this information. If you wish to verify or correct any of the details you have submitted to us, you may do so by contacting us via email at privacy@keypay.com. There are some circumstances in which we are not required to give you access to your Personal Information.

Contact us via email at privacy@keypay.com to request deletion of your KeyPay account and/or Personal Information. As soon as practicable after your request, we will take reasonable steps to delete your information from our systems and will provide your request to any relevant sub-processors. These steps will not include deleting any information stored in our system backups.

If you are an employee whose Personal Information has been uploaded to the KeyPay Platform by your employer, you may need to ask your employer to delete the Personal Information from the KeyPay Platform. Your employer will then request us to delete it from our systems.

Our security procedures mean that we may request proof of identity before we reveal Personal Information. This proof of identity will take the form of your email address and password submitted upon registration. We also implement two-factor authentication processes to better protect your privacy. You must therefore keep this information safe as you will be responsible for any action which we take in response to a request from someone using your email and password.

18. Retention

The length of time we keep your Personal Information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).

We’ll retain your Personal Information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.

19. Enforcement and complaints

We regularly review our compliance with this Privacy Policy as well as under applicable privacy laws. If you have a complaint regarding this Privacy Policy or any breach of applicable privacy laws, please contact us via email at privacy@keypay.com. Once we receive a complaint, we will commence an investigation as soon as practicable. We may contact you during the process to seek any further clarification if necessary. We will also contact you to inform you of the outcome of the investigation and if appropriate, to confirm how we will comply with our obligations under the privacy laws in relation to a notifiable data breach.

We will aim to ensure that all questions and concerns are resolved in a timely and appropriate manner. If you are not satisfied with the outcome of your complaint, or require further information on privacy, you are entitled to contact your local data protection supervisory authority.

The supervisory authority that applies to customers and users in different countries in which we operate are set out below.

Country Supervisory Authority Website
Australia Office of the Australian Information Commissioner www.oaic.gov.au
New Zealand Office of the Privacy Commissioner https://www.privacy.org.nz/your-rights/making-a-complaint/
United Kingdom Information Commissioners Office
(see our KeyPay EU/UK Privacy Policy for how we handle EU/UK Personal Data)


20. Contact us

Any questions or concerns that you have regarding our Privacy Policy or a breach of any applicable privacy or data protection laws should be directed to privacy@keypay.com.

For European Union or UK data protection purposes, our representative is Bird & Bird GDPR Representative Services Ireland who can be contacted by email at: eurepresentative.employmenthero@twobirds.com.

21. Our other Privacy Policies

KeyPay EU/UK Privacy Policy

Applicant Privacy Policy

Data Processing Agreement