Privacy Policy

SlashTech Australia Pty Ltd (“SlashTech”, “we”, “us”, “our”) operates the FieldWork platform, accessible at hub.slashtech.com.au. This Privacy Policy applies to all personal information collected through the FieldWork platform, our website at slashtech.com.au, and any other interactions you have with us.

This Policy should be read together with our Terms of Service. By using the FieldWork platform, you acknowledge that you have read this Policy and consent to the practices described herein.

If you have questions about this Policy, please contact us at privacy@slashtech.com.au.

The personal information we collect depends on your role and how you interact with the platform.

Client portal users:

• Full name and email address
• Organisation and job title (where provided)
• Project and engagement affiliation
• Document viewing, download, and approval history
• Portal activity and session data (pages visited, timestamps)

Staff and contractors (internal platform users):

• Full name, email address, and phone number
• Role, employment type, and engagement history
• Pay rates, billing rates, or annual salary
• Time entries, timesheets, and leave records
• Expense submissions and supporting receipts
• Skills, professional biography, and availability
• Bank account or payment details for contractor remuneration
• System activity and audit logs

We do not intentionally collect sensitive information unless you voluntarily provide it and have consented to its collection.

We collect personal information through the following channels:

• Directly from you — when you accept an invitation, create or update your profile, log time, submit expenses, upload documents, or otherwise interact with the Service
• Automatically — usage data, access logs, and audit trails generated as a by-product of your use of the platform (including IP address, browser type, device type, and session timestamps)
• From SlashTech staff — when an administrator creates or updates your profile on your behalf as part of onboarding
• From your employer — where your employer has engaged SlashTech and provides us with contact details to grant you access to the platform

We will always tell you why we are collecting your personal information and how it will be used at the time of collection.

We collect and use your personal information for the following primary purposes:

• Providing, operating, and maintaining the FieldWork platform
• Creating and managing your user account and authenticating your identity
• Processing timesheets, generating invoices, and administering contractor payments and expense reimbursements
• Sharing relevant project information, documents, and invoices with authorised client contacts
• Sending transactional notifications and communications directly related to your engagement with SlashTech
• Maintaining complete audit trails to support financial, legal, and operational compliance obligations
• Investigating and resolving security incidents, disputes, or complaints
• Complying with our legal and regulatory obligations under Australian law
• Improving the security and performance of the platform

We will not use your personal information for direct marketing purposes without your explicit, informed consent. We do not sell or rent your personal information to third parties for their own commercial purposes.

We may disclose your personal information to trusted third-party service providers who assist us in operating the platform. These providers act as data processors under our direction and are bound by contractual obligations to handle your information securely and only for the purposes we specify.

We may also disclose your personal information to:

• Professional advisers, including lawyers and accountants, subject to confidentiality obligations
• Law enforcement agencies, regulators, or courts where required by law or legal process
• A successor entity in the event of a merger, acquisition, or sale of SlashTech’s assets, provided the successor agrees to handle your information consistently with this Policy

We will not otherwise disclose your personal information without your consent.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, loss, or destruction. Our security practices include:

• Encrypted data transmission using industry-standard TLS/HTTPS
• Encrypted storage of data at rest, including database records and uploaded files
• Role-based access controls ensuring users only access information relevant to their role and engagement
• Private file storage with signed access tokens required for document retrieval
• Comprehensive audit logging of all data access, modification, and deletion events
• Regular review and testing of our security controls

Our infrastructure is hosted on services compliant with SOC 2 Type II and ISO 27001 certifications. Despite these measures, no electronic system is completely secure. If you suspect a security incident, please notify us immediately at privacy@slashtech.com.au. We will investigate all reported incidents and notify the OAIC under the Notifiable Data Breaches scheme where required.

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights:

Right of Access — You may request a copy of the personal information we hold about you. We will respond within 30 days.

Right of Correction — If you believe information we hold is inaccurate, outdated, or incomplete, you may request a correction. We will update records promptly.

Right of Deletion — You may request deletion of your personal information. We will comply within 30 days unless we are required to retain it to meet a legal or audit obligation.

Right to Complain — If you are dissatisfied with how we have handled your personal information, you may lodge a complaint as described in section 9.

To exercise any of these rights, contact us at privacy@slashtech.com.au. We may need to verify your identity before processing your request.

The FieldWork platform uses cookies and similar technologies to support authentication and the secure operation of the Service:

• Session cookies — to maintain your authenticated session while logged in. These are deleted when you close your browser or log out.
• Security cookies — short-lived tokens used to protect against CSRF attacks.

We do not use third-party advertising cookies, tracking pixels, or cross-site analytics cookies. All cookies set by FieldWork are marked as HttpOnly and Secure to protect against interception and cross-site scripting.

For any questions, concerns, or requests regarding this Privacy Policy, please contact our Privacy Officer:

We will acknowledge your enquiry within 5 business days and endeavour to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC): GPO Box 5218, Sydney NSW 2001 — Phone: 1300 363 992 — www.oaic.gov.au

We may update this Privacy Policy from time to time. We will notify you of material changes by email or a prominent notice within the Service no less than 14 days before the updated Policy takes effect.

Your continued use of the Service after the effective date constitutes your acceptance of the revised Policy.