Privacy Policy

Document Version Control
Document Status: Version 1
Version number 1/2025
Effective Date 30 June 2025
Document History
Version Date Policy Owner Approved By Approval Date Description of Changes
1/2025 30 June 2025 Head of Legal Caecilia Chu CEO 30 June 2025 Establishment of Policy for YTGAU
  1. About This Policy
    This Privacy Policy outlines how You Technologies Group (Australia) Pty Ltd, ACN number 676703496 and AFSL number 558059 (“YouTrip Australia”, “we”, “us”, “our”) manages personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We value your privacy, and as such, are committed to managing your Personal Data entrusted to us with the attention it deserves. We are committed to abiding by the APPs, and:
    • Handling your personal information in a lawful and transparent way.
    • Protecting your privacy and keeping your information secure.
    • Ensuring you can access and control your personal information.
    This Privacy Policy applies to the Personal Data collected in the Company’s website at you.co, the Company’s social media and customer communication channels, the Company’s mobile application, and any services accessed by you through our website, mobile application, social media or customer communication channels. This Privacy Policy contains important information and aims to help you understand how we manage the Personal Data we collect from our customers, as well as why we collect them, how we use them and under what circumstances we will disclose them. Please note that this Notice will be supplementary in addition to any other consent you may have given to us in connection to your Personal Data. Please be sure to check for any updates to this Notice, which will be made from time to time. We are a company that strives to ensure our information and practices are up-to-date and consistent across the board, and as such, will revise this Notice as new developments and changes in legal and regulatory requirements as well as the industry arise. By interacting with us, you are agreeing to be bound by our Notice. Any updates will be available on our website, you.co. Should you wish to find out more about how we manage your Personal Data, please contact us through e-mail at customer.au@you.co  (with “Personal Data Protection” as the subject). In order to better serve your needs, our Data Protection Officer may reach out to you for further information or clarification, if deemed necessary.
  2. Personal Data
    As defined in Section 6(1) of the Privacy Act 1988 (Cth), “Personal Data” means and includes any information or opinion about an identified individual or an individual who is reasonably identifiable, and any such data which the Company has, or may have access to, upon which can be used to identify a person, whether or not the relevant data is correct. Some examples of these Personal Data are the following, some of which you might have provided to us during our interaction: Personal identification information including but not limited to your name, official identification (such as passport, national identification number, photocopies of your identification documents, driver’s license, work permits and residency cards), photo, nationality, gender, date of birth, telephone number(s), postal address, e-mail address; Bank transaction information such as your bank account details, the merchant or ATM’s location and additional details about them; date, time and transaction amount, payment instrument, details of foreign currency exchange, details of cross-border transactions and detailed information of any electronic money exchange between the sender and the receiver such as name, date, time, location, IP address and information about the device used to process the transaction; Information that can enhance your overall user experience and enhance fraud management of the product, including your device’s operating system and platform, browser type and version, plug-ins, device type, unique device identifier, GPS data, location data, web or mobile analytics such as clickstream and page interaction data; and Following information would only be accessed if you have given consent when the Company sought your permission with the mobile application: content information stored on your mobile device, contact information from your address book, digital contents and login information.
  3. Collecting Personal Data
    In order to process, administer and / or manage your relationship and / or account with us, it may be necessary for us to collect, use, disclose and / or process your Personal Data or other personal information. These may include those listed in our products or services application form(s), which may have been submitted via e-mail, website, mobile application or any other method. We also collect sensitive information (e.g., biometric data and photographs) with your explicit consent, in accordance with the APPs. We collect personal information directly from you or from third parties, as permitted by the APPs. This includes when you:
    • Register or use our mobile app;
    • Submit identity verification documents (e.g. for KYC or AML checks);
    • Transact using your YouTrip card or app;
    • Contact customer support or respond to surveys;
    • Interact with our website or social media channels
    We may also collect information from:
    • Credit or identity verification providers;
    • Financial institutions or payment processors;
    • Public sources or regulators (if required by law).
    What we do with unsolicited personal information:
    • If we receive personal information that we did not solicit, we will determine whether we could have lawfully collected it under the APPs.
    • If not, we will de-identify or destroy the information as soon as practicable, provided it is lawful and reasonable to do so.
  4. Holding / Storing Personal Information
    We hold / store personal information in electronic and, in limited cases, physical form. Electronic records. Most personal information is stored electronically in our secure cloud infrastructure and internal business systems that support our products and operations. These include systems such as core application and payment processing platforms, identity verification/KYC tools, customer support/ticketing systems, document management and collaboration systems, and analytics/logging platforms. Information stored electronically is protected by encryption, logical segregation, access controls and audit logging (see paragraph 9). Physical records. Where required by law or business need (for example, certain KYC or dispute records), we may retain hard-copy documents. Physical records are kept in locked storage within access-controlled areas or with accredited off-site archive providers. Internal vs third-party storage. We store information in our own systems and with carefully selected third-party service providers that host or process information on our behalf under contract. Some providers may be located outside Australia. For overseas locations and safeguards, see paragraph 8 (Overseas disclosures) and paragraph 9 (Security). Data minimisation and segregation. We apply data minimisation and segregate environments so that personal information is accessible only to personnel and providers who need it to perform their duties.
  5. Purpose for the Collection, Use, and Disclosure of Your Personal Data
    We collect, use, disclose and / or process your Personal Data for the following purposes (“Purposes”):
    • Processing your application, including but not limited to verifying your identity and evaluating your financial and legal track record, for our goods or services;
    • Administering and / or managing your relationship or account with us;
    • Processing and / or dealing with any of your request and any necessary investigations relating to your request;
    • Carrying out due diligence or other screening activities in accordance with legal or regulatory obligations or risk management procedures that may be required by law or by us;
    • Carrying out your instructions or responding to any of your enquiries;
    • Requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to improve and design our products, understand customer preferences and market trends, and to review, develop and improve the quality of our products and services;
    • Providing media announcements and responses;
    • Dealing with any matters relating to the services and / or products which you are applying for or have already applied for, including mailing to you correspondences, statements, invoices, reports or notices, processes which involve disclosing certain Personal Data about you in order to carry out the aforementioned delivery, as well as disclosing certain Personal Data on the cover of envelopes / mail packages);
    • Investigating fraud, misconduct, unlawful action or omission, and any suspicion of the aforementioned and/or
    • Complying with applicable law in administering and managing your relationship with us;
    • Any other purposes related to any of the above.
    We may also use and process your Personal Data for other marketing and promotional related purposes such as (“Additional Purposes”) via post, email, telephone call, SMS, mobile app notification, website, and/or online messaging service:
    • Providing or marketing services, products and benefits to you (only with your consent), including promotions, loyalty and reward programmes;
    • Sending you details of products, services, special offers and rewards, either to our users generally, or which we have identified may be of interest to you;
    • Notifying you on events or activities organized by You Technologies, its partners, sponsors or advertisers, and the processing the registration for such events or activities; and/or
    • Matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of products and services, whether by You Technologies or other third parties.
    More specifically, for the purposes of direct marketing, We may use your information for direct marketing (emails, push notifications, app alerts), in accordance with the APPs, but only where:
    • You have provided consent, or
    • You would reasonably expect such use.
    You can opt out at any time by:
    • Managing settings in the YouTrip app;
    • Clicking “unsubscribe” in our messages;
    • Contacting dpo@you.co.
    We will not sell your personal information to third parties. We will not use your personal information for a secondary purpose unless:
    • You have consented or
    • It is required or authorised by law
  6. Notifications relating to Collection
    When we collect personal information, we will notify you at or before the time of collection, or if that is not practicable, as soon as practicable afterward. Our notices will include:
    • The identity and contact details of YouTrip Australia;
    • The purpose(s) of collection;
    • Whether the collection is required by law;
    • The consequences of not providing the information;
    • To whom we usually disclose the information;
    • That our Privacy Policy explains how to access and correct your information, and how to make a complaint;
    • Whether we are likely to disclose the information to overseas recipients (and where).
    This information is generally provided via:
    • This Privacy Policy;
    • Email notifications;
    • App notifications at the time of onboarding;
    • In-product messages or support disclosures.
  7. Do You have to provide your information?
    In some cases, we are legally obligated to collect personal information, such as under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. If you do not provide certain information, we may not be able to provide you with some or all of our services.
  8. Disclosure of your information
    We will take reasonable steps to protect your Personal Data against unauthorised disclosure. To the extent permitted by law, we may transfer or disclose your Personal Data for the Purposes and Additional Purposes stated in this Notice, to the following entities or parties, whether they are located overseas or in Australia. We also store personal information in our own systems and with third-party hosting and processing providers engaged to support our services (for example, cloud infrastructure, document management and customer support platforms). Some providers operate outside Australia; see the safeguards below. We may disclose your personal information, as permitted by the APPs, to the following:
    • You Technologies’ related companies;
    • Identity verification providers (e.g., electronic KYC tools)
    • Counterparties and their respective financial institutions in relation to payments and other transactions (e.g., Visa, Mastercard);
    • Issuer of the stored value facility;
    • Government regulators (e.g., AUSTRAC, ASIC, ATO) under law;
    • Our service providers;
    • Agents, contractors or third party service providers who provide operational services to You Technologies, such as courier services, telecommunications, information technology, cloud infrastructure, payment, payroll, processing, training, market research, storage, archival, customer support investigation services or other services to You Technologies;
    • Vendors or other third party service providers, including but not limited to advertisers and event management companies, in connection with promotions and services offered by You Technologies;
    • Professional advisors and external auditors, including legal advisors, financial advisors and consultants;
    • Co-branded and other business partners; and/or
    • Third parties you authorise or as required by law.
    Under the APPs, we may disclose your personal information to overseas recipients, particularly in:
    • Singapore;
    • Other countries where we or our service providers operate.
    We will take reasonable steps to ensure those recipients do not breach the APPs, unless:
    • The recipient is subject to substantially similar data protection laws;
    • You expressly consent to the disclosure after being informed.
  9. Security of your information
    We are required by the APPs to take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Our safeguards include:
    • Secure cloud infrastructure and encrypted communications (e.g. HTTPS, TLS);
    • Strong access controls and two-factor authentication;
    • Employee training and internal access policies;
    • Data minimisation and audit logging;
    • Contracts with service providers to enforce data protection obligations.
  10. Retention of your information We retain your personal information:
    • As long as you are a customer;
    • For up to seven years after service termination, to meet recordkeeping obligations under laws such as the Corporations Act 2001, Income Tax Assessment Acts, and AML/CTF laws;
    • Longer where legally required or reasonably necessary.
    When no longer needed, we securely destroy or de-identify your information in accordance with OAIC guidelines.
  11. Accessing Your Personal Data and Correction Requests
    Should you wish to access a copy of or request for correction of your Personal Data held by us, you can submit your request to our Data Protection Officer by contacting us via: Email: dpo@you.co Mail: Data Protection Officer You Technologies Group (Australia) Pty. Ltd. Suite 2, Level 25, 100 Miller Street, North Sydney, NSW 2060, Australia We will respond within 30 days. Access is generally free, but we may charge a reasonable fee for retrieval. Please also note that we may need to ask for your identification number and other necessary details during the process to verify your identity. We reserve the right to refuse your requests to access and/or correct your Personal Data for reasons permitted by law. We may also refuse access in limited cases outlined in the APPs (e.g. where access may unreasonably affect another individual’s privacy). We reserve the right to charge a reasonable fee for processing your request to access or retrieve your Personal Data. You have the right under the APPs to request access to your personal information and to request correction if it is:
    • Inaccurate;
    • Out-of-date;
    • Incomplete;
    • Irrelevant;
    • Misleading.
  12. Acknowledgement and Consent
    By providing your personal information to us, or using our website, or signing up for or accessing products or services we offer during any of our interactions, either directly with us or through our agents and / or partners, you are consenting to the following:
    • The Company may collect, use, disclose and / or process your Personal Data for the Purposes and Additional Purposes as described above;
    • The Company may collect Personal Data about you from sources other than yourself and use, disclose and / or process the same for one or more of the Purposes and Additional Purposes as described above; and
    • The Company may disclose your Personal Data to our third party service providers or agents (including its lawyers / law firms) for the Purposes and Additional Purposes as described above.
    Telephone Calls, E-mails and Text-Based Enquiries To continuously improve our service, all communications between you and the Company, whether made via telephone calls, e-mails and / or text-based modality may be recorded and monitored.
  13. Research
    For research or statistical purposes, we may use or disclose to others anonymised or aggregated data.
  14. Use of Cookies
    The Company, and third parties with whom we partner, may use cookies, tags, scripts, web objects, advertising identifiers (such as mobile device identifiers including but not limited to Apple’s IDFA or Google’s Advertising ID) and similar technology (“Cookies”) during your use of our website, mobile application, social media channels, and customer contact channels. Cookies may contain unique identifiers and are stored or used in, including but not limited to, your computer or mobile device, emails we send to you, and our web pages. These technologies help us improve your browsing experience, personalise content, enhance security, and deliver relevant marketing. Where legally permissible, by using our website and / or mobile application, you consent to us on the usage of Cookies. Information collected by Cookies Cookies may transmit information about you and your use of our service, including but not limited to:
    • IP Address;
    • Browser / Device type;
    • Website or mobile application visited before you came to our website or mobile application
    • What page user viewed on our website or mobile application
    • Time spent on our website or mobile application
    Cookies may be stored persistently or stored only during an individual user session. Purpose of Using Cookies Cookies enable the Company to provide and develop a more personalized browsing and usage experience on our website and mobile application, and improve the experience of displaying targeted advertising to you. Necessary Cookies Necessary cookies are essential for the operation of our website and are enabled by default. While you can disable these cookies through your browser or device settings, doing so may impact the functionality or usability of the site. These cookies help us ensure the website runs smoothly and allow us to identify and fix any technical issues. For example, we use a cookie to monitor server load and detect if users are experiencing errors, so we can respond and resolve problems quickly. We also use necessary cookies to remember you as you navigate through different pages, links, and subdomains of our website. These cookies help recognise returning users and deliver consistent, tailored content as you browse. In addition, we use a cookie to store your privacy preferences — specifically, to remember if you’ve opted out of analytics and advertising cookies (explained below). This particular cookie remains on your device even after your browsing session ends, to help ensure we comply with your preferences and meet our legal and regulatory obligations. Analytics and Advertising Cookies These cookies help us understand how visitors interact with our website by allowing us to recognise and count the number of users, and observe how they navigate through pages. This insight enables us to assess the performance of our content and make improvements where needed. To do this, we use third-party cookies, which are listed in the table below. Analytics and advertising cookies also track which pages, links, and subdomains you visit so we can tailor more relevant advertising to you. We may share this information with third parties — such as Google, Facebook, and LinkedIn — for this purpose. The analytics and advertising cookies we use are:
    Cookies  Purpose
    Google Ads Advertising
    Cloudflare Necessary
    Facebook Ads Advertising
    Google Analytics Analytics
    TikTok ads Advertising
    Fullstory Analytics
    WordPress Necessary
    Changing your Cookie preferences You may deactivate cookies by adjusting your internet browser settings to disable, block or deactivate cookies, by deleting your browsing history and clearing the cache from your internet browser, if you do not wish your Cookies to be collected. You may also be able to limit our sharing of some of this information through your mobile device settings.
  15. Complaint Process
    If you believe we have breached your privacy rights under the Privacy Act 1988 (Cth) or a registered APP Code, you may contact us at: dpo@you.co We aim to resolve complaints within 30 days. If you are not satisfied with our response, you may contact: Office of the Australian Information Commissioner (OAIC) GPO Box 5218, Sydney NSW 2001 1300 363 992 www.oaic.gov.au
  16. Changes to This Policy
    We may amend this Privacy Policy from time to time to reflect changes in law or practice. When we do, we will update the “Last Updated” date above and may notify you by:
    • Email;
    • App notification;
    • Website posting.
The most current version will always be available at here