Thank you for choosing the PS Rewards App. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and disclose your personal information.

This Privacy Policy explains our practices regarding your data and outlines your rights in accordance with the Australian Privacy Act 1988 (Cth), guidelines from the Office of the Australian Information Commissioner (OAIC), and the General Data Protection Regulation (EU) 2016/679 (GDPR), as applicable.

PS Rewards App is operated by PS Rewards Pty Ltd ABN 56 675 184 460 (referred to as “we,” “us,” or “our”), an Australian company committed to providing innovative fintech solutions.

3.1 Personal Information

We collect the following types of personal information:

• Identity Information: Name, email address, phone number, date of birth, and identification details required for KYC verification
• Financial Information: Banking details, transaction history, payment card information, and purchase patterns
• Technical Information: Device information, IP address, app usage data, and location data
• Preference Information: Your loyalty programs, shopping preferences, and payment choices

3.2 Statistical Information

We also collect Statistical Information, which includes:

• Internet protocol (IP) address of your device used to connect to the Services
• Time zone setting and language preferences
• Location data
• Information about your mobile phone and/or browser
• Operating system and device information
• Other usage patterns and analytics data that do not identify you personally but track your usage of the Services

3.3 Sensitive Information

Sensitive Information includes information about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices or criminal record, as well as information about an individual’s health, genetic information or biometric information.

We will only process Sensitive Information if you expressly consent to its collection and use.

3.4 How We Collect Your Information

We collect information:

• Directly from you during registration and app usage
• From third parties with your consent (financial institutions through Open Banking)
• Automatically through your interactions with our app and merchants
• From merchants when you participate in loyalty programs or redeem offers

If we receive unsolicited information about you, we will only collect and retain it where:

• Such collection is reasonably necessary for one or more of our functions or activities; and
• We either:
  • Obtain your consent; or
  • Are authorized or required to do so by law.

Where these conditions are not met, we will destroy any unsolicited Personal Information that we receive.

We use your personal information to:

• Provide and improve our services
• Process transactions and apply cashback rewards
• Track loyalty program progress
• Deliver personalized offers and recommendations
• Verify your identity and prevent fraud
• Communicate with you about your account and offers
• Analyze usage patterns to enhance our app
• Comply with legal and regulatory requirements

We process your information based on:

• Your consent
• Performance of our contract with you
• Our legitimate interests in operating, improving, and securing our services
• Compliance with legal obligations

Under the GDPR (where applicable), we will comply with the principles of data protection for the purpose of fairness, transparency, and lawful data collection and use. We will process Personal Information as a processor and/or controller (as defined in the GDPR).

We may share your information with:

• Service Providers: Companies that help us provide our services (payment processors, KYC providers, cloud services)
• Financial Institutions: Through Open Banking connections with your explicit consent
• Merchants: To facilitate loyalty programs and cashback offers (limited to necessary transaction details)
• Regulatory Authorities: When required by law or to protect our rights

We implement contractual safeguards to ensure third parties protect your information in accordance with this policy.

You consent to our disclosure of Statistical Information to third parties including, without limitation, to analytics companies and our business partners, to help us understand usage patterns, to assist in product development, and for advertising purposes.

Where we provide your Personal Information to third parties in accordance with this Policy, you acknowledge and agree that:

• The use of your Personal Information by third parties is not in our reasonable control;
• Third-party websites may place their own cookies or other files on your computer or telephone, solicit Personal Information from you, and may or may not use your Personal Information in accordance with their own privacy policies which may differ from this Policy; and
• It is your responsibility to familiarize yourself with the privacy policy of any third-party website you visit which collects Personal Information about you.

We will always act to protect your information in accordance with this Policy when we disclose it to third parties. However, we will not be liable for any loss or liability which may be incurred as a result of any use of your Personal Information by a third party to whom we validly disclosed the Personal Information.

Your personal information may be transferred to, stored, and processed in countries outside Australia. Our servers are located in secure data centers that may be outside Australia, including but not limited to servers located in Singapore (Amazon Web Services).

When we transfer your information internationally, we ensure appropriate safeguards are in place to protect your data in compliance with Australian privacy laws, unless:

• We believe on reasonable grounds that the overseas recipient is bound by laws that are substantially similar to the Privacy Act which can be enforced against the overseas recipient; or
• You give us informed consent to the disclosure of your Personal Information to an overseas recipient who may not be bound by Australian Law; or
• The disclosure to an overseas recipient is authorized or required by Australian Law; or
• It is permitted by the Privacy Act.

10.1 How We Use Cookies

If you register an account or continue to use our services, you agree to our use of tracking technologies, referred to as cookies, to track and record your usage. Cookies are text files placed on your computer to collect standard internet log information and visitor behavior information.

When you access or use our services, we will automatically use cookies to collect technical information including:

• Statistical Information; and
• Information about your interaction with the Services, including your clickstream to, through, and from the Platform, activity on third-party websites which are linked to the Platform, and views and interactions with Content.

10.2 Cookie Control

You may control the technical information we collect through your browser or device settings. In doing so, you:

• Acknowledge some of our Services may not function properly if you choose to disable cookies; and
• Release us and our Related Bodies Corporate from any and all claims, liability, and losses which may arise out of your decision to disable cookies (including any limitation on your ability to use the Services).

We implement robust security measures to protect your personal information, including:

• End-to-end encryption for data in transit and at rest
• Tokenization of payment card data
• Multi-factor authentication for sensitive operations
• Regular security audits and penetration testing
• Staff training on data protection

While we use all reasonable efforts to keep secure your Personal Information, you acknowledge the internet is inherently insecure, and no data transmission online can be guaranteed as fully secure. We cannot guarantee or warrant the security of any information (including Personal Information) you provide through the use of the Platform. You understand that any information you send online is at your own risk.

If we become aware of a breach of security in relation to your Personal Information, we will immediately use our best endeavors to take action to remedy the security breach to limit the risk caused by unauthorized access to, or unauthorized disclosure of, your Personal Information.

12.1 Notification Procedures

If we become aware that a third party has, without authorization:

• Accessed your Personal Information; or
• Disclosed your Personal Information to another third party (Data Breach);

AND a reasonable person would conclude that such unauthorized access or disclosure is likely to result in serious harm to the individuals to whom the information relates, we will:

• Notify you and the Office of the Australian Information Commissioner (OAIC) with details of the Data Breach
• Provide details of how we believe the Data Breach has occurred
• Specify what Personal Information such Data Breach relates to
• Outline the steps that you can take in response to the Data Breach

Similarly, if your Personal Information is lost and we have reasonable grounds to believe that:

• Unauthorized access to, or unauthorized disclosure of, your Personal Information is likely to occur; and
• Such unauthorized access or disclosure would likely result in serious harm,

We will follow the same notification procedures described above.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. When your information is no longer required, we will securely delete or anonymize it.

To determine the appropriate retention period, we consider:

• The amount, nature, and sensitivity of the Personal Information
• The potential risk of unauthorized use or disclosure
• The purposes for which we process the information
• Whether we can achieve those purposes through other means
• Applicable legal requirements under the GDPR and/or the Privacy Act

Under Australian privacy law and the GDPR (where applicable), you have the right to:

• Access your personal information
• Correct inaccurate or incomplete information
• Request deletion of your information (subject to legal requirements)
• Withdraw consent for processing based on consent
• Lodge a complaint with the OAIC
• Request restrictions on processing in certain circumstances
• Data portability (receive your data in a structured, commonly used format)

To exercise these rights, please contact us at [privacy@smartcashbackapp.com.au].

We may send you marketing communications based on your preferences. You can opt-out of these communications at any time through the app settings or by following the unsubscribe instructions in our emails.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes through the app or by email and indicate when the policy was last updated.

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If you believe we have breached the Australian Privacy Principles or that the privacy of your Personal Information has been compromised, please contact us immediately at:

• Email: privacy@psrewards.com.au

Complaint Handling Process

We are committed to resolving complaints promptly and fairly. We will:

1. Acknowledge your complaint within 5 business days
2. Investigate the matter thoroughly
3. Aim to resolve it within 30 days
4. Notify you if we need more time to resolve the complaint
5. Provide you with a written response explaining our decision

If you do not receive a satisfactory response from us, or you believe that we have not handled your complaint satisfactorily, you may wish to refer your complaint to the Office of the Australian Information Commissioner at:

• Address: GPO Box 5218, Sydney NSW 2001
• Email: enquiries@oaic.gov.au
• Phone: 1300 363 992

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: privacy@psrewards.com.au