Phoenix Payments Pty Ltd ("Phoenix Payments", "we", "our" or "us") is committed to handling personal information responsibly and in line with the Privacy Act 1988 (Cth), including the Australian Privacy Principles.

We collect personal information through our website, digital channels, applications, onboarding processes and other interactions with you so we can respond to enquiries, provide our products and services, support merchants and customers, meet legal and regulatory obligations, and run our business.

By providing your personal information to us, you agree that we may collect, use, store and disclose it in line with this Privacy Policy. If you choose not to provide certain information, we may not be able to communicate with you properly, assess your application, or provide some or all of our products and services.

We may disclose your personal information to related entities, service providers, acquirers, financial services partners and other third parties that help us operate our business or deliver our services. Some of those parties may be located outside Australia, including in New Zealand, the Philippines, India and Ireland.

We may also use your personal information to send you information about our products, services and related offers, unless you opt out. You can do that at any time.

This Privacy Policy explains how you can:

• access the personal information we hold about you; 
• ask us to correct it; 
• make a privacy complaint; and 
• contact us with questions. 

For privacy enquiries, please contact us at privacy@phoenixpayments.com.au

Date: March 2026

About this Privacy Policy

Phoenix Payments Pty Ltd ("Phoenix Payments", "we", "our" or "us") provides payment and related services to businesses in Australia and New Zealand.

We take privacy seriously. This Privacy Policy explains how we collect, use, disclose, store and otherwise handle personal information. It also explains your rights and how to contact us if you have questions or concerns.

We comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles, and other privacy laws that apply to us in Australia.

When we say personal information, we mean information or an opinion about an identified individual, or an individual who is reasonably identifiable.

This Privacy Policy applies to:

• visitors to our website and digital channels; 
• prospective, current and former merchants; 
• end customers whose payment transactions we help facilitate; and 
• people who otherwise interact with us. 

This Privacy Policy does not apply to job applicants or employees.

By using our website, digital channels or services, or by otherwise interacting with us, you acknowledge that your personal information will be handled in accordance with this Privacy Policy.

We may update this Privacy Policy from time to time. When we do, we will publish the updated version on our website and, where appropriate, notify you by email or through our services.

What personal information we collect

The personal information we collect depends on how you interact with us and what services are involved. In some cases, we are also required by law to collect certain information, including under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and related rules.

Merchants, prospective merchants and former merchants

If you enquire about, apply for, or use our products and services, we may collect personal information such as:

• full name; 
• email address and phone number; 
• residential and business addresses; 
• date of birth; 
• identification details, such as passport, driver's licence, Medicare or other government-issued identification numbers; 
• information used to verify identity, including information from third-party verification providers, government verification systems and reference databases; 
• employment and business details, including business name, ACN, ABN, industry and estimated turnover or monthly transaction volume; 
• bank account details and supporting financial documents; 
• transaction data relating to your business; 
• records of your interactions and communications with us; and 
• information about your preferences, interests and use of our products and services. 

End customers of merchants

If you make a payment to one of our merchants using services we support or facilitate, we may collect personal information such as:

• tokenised and encrypted card or payment credentials associated with the transaction; 
• transaction details, including payment method, amount, time, date and location; 
• name and contact details, where needed to investigate a payment issue, dispute or enquiry; and 
• statistical or behavioural information relating to your interaction with payment products or services used by our merchants. 

For clarity, Phoenix Payments does not collect, handle or store unencrypted or non-tokenised cardholder data.

Information collected through our website and digital channels

When you visit our website, use our online portals, engage with our emails, social media pages or other digital tools, we may collect information such as:

• IP address; 
• browser and device type; 
• operating system; 
• online or device identifiers; 
• location information, where enabled on your device; 
• website usage data, such as page visits, clicks, navigation behaviour and session activity; 
• login and account access information; and 
• analytics, behavioural and statistical information about how you interact with our digital channels. 

Some of this information may not identify you on its own. However, where it can be linked to you, we will treat it as personal information.

When we collect personal information

We may collect personal information:

If you are a merchant:

• when you enquire about our services; 
• when you apply for our products or services; 
• when you are onboarded as a customer; 
• when you use our services or process transactions through our platform; 
• when you contact us for support, account management, training or dispute resolution; 
• when you complete surveys, forms or feedback requests; and 
• when you otherwise manage your relationship with us. 

If you are an end customer of a merchant:

• when you make a payment through a merchant that uses our services; 
• when we need to help investigate a payment issue, dispute, chargeback or enquiry; and 
• when we communicate with you in relation to a transaction. 

More generally:

• when you visit our website or use our digital channels; 
• when you contact us by phone, email, online form or chat; 
• when collection is authorised by you; and 
• when collection is required or permitted by law. 

We may also monitor and record communications with us, including phone calls, email and chat, for training, quality assurance, dispute handling, fraud prevention, security and legal compliance.

Where practical, you may interact with us anonymously or using a pseudonym, for example when making a general enquiry. However, we usually need identifying information to provide our services, support an account, or comply with legal obligations.

How we collect personal information

Where possible, we collect personal information directly from you.

For example, we may collect it when you:

• complete an application or onboarding form; 
• use our products or services; 
• contact us; 
• submit documents; 
• use our website or merchant portal; or 
• interact with our communications. 

Sometimes we also collect personal information from third parties, including:

• identity verification and fraud prevention providers; 
• credit reporting bodies and credit check providers; 
• publicly available sources; 
• financial institutions and other service providers you deal with; 
• our related entities and business partners; 
• your authorised representatives or professional advisers; 
• acquirers and other parties involved in payment processing; and 
• information and data service providers that help us keep our records accurate and up to date. 

We also use cookies and similar technologies on our website and digital channels. These help us understand usage, improve performance and personalise your experience.

Why we collect, use and hold personal information

We collect, use and hold personal information so we can:

• verify your identity; 
• assess applications for our products and services; 
• onboard merchants and manage accounts; 
• provide and support our products and services; 
• facilitate payment transactions; 
• manage billing, fees, settlements and debt recovery; 
• detect, prevent and investigate fraud, misuse, security issues and suspicious activity; 
• comply with legal and regulatory obligations; 
• communicate with merchants and end customers; 
• investigate and resolve complaints, disputes and chargebacks; 
• improve our products, services, website and customer experience; 
• carry out research, analytics and service development; 
• market our products and services, where permitted; 
• protect our rights, business and systems; and 
• support corporate transactions such as investment, financing, restructure or sale of business assets. 

Who we may disclose personal information to

We may disclose personal information where reasonably necessary to operate our business, provide our services, or comply with the law.

This may include disclosure to:

• service providers and contractors who support our operations, including technology, software, hosting, identity verification, fraud detection, customer support, analytics, billing, debt recovery, legal, accounting, tax, audit and compliance providers; 
• acquirers, payment partners, financial institutions, card schemes and other parties involved in delivering payment services; 
• hardware and device suppliers, installers, repairers and support providers; 
• marketing, communications and research partners; 
• our related entities, agents and advisers; 
• your authorised representatives, legal guardian or attorney; 
• insurers, investors, financiers, shareholders or prospective purchasers of our business; 
• regulators, government bodies, courts, law enforcement agencies and complaint bodies, including AUSTRAC, ASIC, the ACCC and the Australian Financial Complaints Authority, where required or authorised by law. 

We may also disclose personal information where you have asked us to, or where disclosure is otherwise permitted under applicable law.

Our website and digital channels may contain links to third-party websites, apps or social media features. Those third parties may collect information independently. We are not responsible for their privacy practices, so you should review their privacy policies separately.

Overseas disclosure

Phoenix Payments operates primarily in Australia and New Zealand. However, some of our service providers, partners or systems may be located overseas or may access personal information from overseas.

This means personal information may be accessed, used, disclosed or stored in countries including:

• New Zealand 
• the Philippines 
• India 
• Ireland 
• United Arab Emirates

Where we disclose personal information overseas, we take reasonable steps to ensure it is handled in a way that is consistent with Australian privacy law.

Marketing

We may use your personal information to send you updates, insights, product information, service announcements and marketing communications about Phoenix Payments and, where relevant, selected offers from our related entities or partners.

We may contact you by:

• email; 
• SMS or other electronic messaging; 
• phone; 
• post; 
• social media; 
• website advertising; or 
• other direct marketing channels. 

You can opt out of marketing communications at any time by:

• using the unsubscribe link in the message; 
• contacting us directly; or 
• emailing our Privacy Officer. 

Even if you opt out of marketing, we may still send you service-related communications, including account notices, transaction notifications, legal updates and important operational messages.

If you receive marketing from one of our partners, you will need to opt out directly with that partner.

We may also use customer testimonials or endorsements in marketing materials. If we want to identify you or your business in that context, we will generally seek your consent first.

Storage and security

We store personal information in electronic systems and, in some cases, in hard copy files. These may be held by us directly or by trusted service providers acting on our behalf.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure.

These steps may include:

• encryption and secure transmission methods; 
• firewalls and network protection controls; 
• access controls and authentication requirements; 
• internal policies and staff confidentiality obligations; 
• monitoring and security procedures; 
• secure third-party hosting and service environments; and 
• destruction or de-identification of information when it is no longer required. 

Where service providers process payment-related data on our behalf, we expect them to comply with relevant security standards, including PCI DSS where applicable.

As noted above, Phoenix Payments does not itself collect, handle or store raw card numbers or other unencrypted cardholder data.

Accessing and correcting your personal information

You can request access to the personal information we hold about you, and you can ask us to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading.

In many cases, if you are a merchant, you can update your information directly through our merchant portal.

If you would like to access or correct personal information, please contact us using the details below.

We will respond within a reasonable time. In some cases, we may need to verify your identity before processing the request.

We may refuse access in some circumstances permitted by law. If that happens, we will explain why, unless we are not required to do so.

We may charge a reasonable administrative fee for giving access in some cases, but we will let you know beforehand if that applies.

Questions and complaints

If you have a question about this Privacy Policy or the way we handle personal information, please get in touch.

If you would like to make a privacy complaint, please contact us first so we can investigate and try to resolve it.

We aim to respond to privacy complaints within 30 days.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

Contact us

All privacy enquiries and complaints should be directed to the Phoenix Payments Privacy Officer:

Email: privacy@phoenixpayments.com.au

Phone: 1300 946 825

A copy of this Privacy Policy is available on our website or by contacting our team.

Office of the Australian Information Commissioner

Post: GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Web: www.oaic.gov.au