Privacy Policy
WFMax Pty Ltd (ACN 666 239 952)(trading as “WorkFlow Max”) and/or their related entities (together “us”, “our”or “we”) are committed to protecting the privacy of your Personal Information. This Privacy Policy tells you howwe will handle your Personal Information in accordance with the Privacy Act 1988(Cth) (“Privacy Act”), the Australian Privacy Principles (“APPs”) and theEU General Data Protection Regulation (EU) 2016/679 (“GDPR”) (if the GDPRapplies to us). Pease note that any informationthat is that is not reasonably capable of being associated with or linked to youor  other person (“Anonymised Data”) is not Personal Information. Therefore,Anonymised Data that we collect, process or otherwise use will not be governedby this Privacy Policy.All capitalised termsin this Privacy Policy have the meaning given to that term in the in theSchedule “Definitions” unless the context requires otherwise.
When does this Privacy Policy apply to me?
This Privacy Policy applies when you visit the Portal or use any of our Services. By visiting the Portal or by using any of our Services, you agree to the terms of this Privacy Policy.  You should not access the Portal and/or use any of our Services if you do not agree with this Privacy Policy.
What Personal Information Do We Collect?
We collect and use Personal Information from Users of the Portal, Users of any of our Services and visitors of the Portal.  The specific type of Personal Information that we collect will depend on will depend on the reasons for, or circumstances of its collection and may include, but is not limited to, the following:
  • User information: name, telephone and mobile number, email address, residential and postal address;
  • Identity information: age, date of birth, place of birth, details and copies of identity documents;
  • Payment and transactional information: banking, credit card or debit card details, billing information, Device information and Technical Usage Data;
  • Enquiries, communications and social media:  information contained in any enquiry you submit to us regarding our Portal or any of ourServices, communication content, metadata associated with communications and information about you shared by social media Portals (if you communicate with us by way of a social media Portal that we use); and  
If you do not allow us to collect all the Personal Information we reasonably request, we may not be able to deliver any of our Services to you.
How We Collect Personal Information
We may collect your Personal Information directly from you or in the course of our dealings with you. For example, we collect Personal Information from you or about you from:
  • Your access and use of the Portal;
  • Your use of any of our Services;
  • Correspondence between you and us;
  • Visits to and submissions you make on our Portal or in connection to any of our Services;
  • Your interactions with our electronic direct mail and/or emails from our marketing campaigns (such as clicks on links included in these emails); and
  • Registration and formsyou may fill in for our marketing-related activities and events.
In some instances, we may receive personal information about you from third parties, associated businesses, government agencies, regulatory authorities and referrers (such as other accountants, law firms, real estate agents, financial planners, insurers and business consultants). We may also receive personal information about you from your authorised third parties and publicly available sources.
Why We Collect, Hold And Use Personal Information
We collect, hold and use your Personal Information for the purposes of providing you with access and usage of the Portal and the Services, which include (without limitation):
(GDPR lawful basis: consent)
  • Providing you with use of our Portal and/or any of our Services;
  • Ongoing client relationship management purposes;
  • Offering, promoting, advertising, marketing and selling relevant and suitable Services to you;
  • Sending you relevant notifications, electronic direct mail, email marketing campaigns and/or newsletters;
  • Any other purposes identified at the time of collecting your Personal Information;
  • Developing and improving our business, the Portal and/or any of our Services;
  • For monitoring, research and analysis in relation to our business, the Portal and any of our Services;
  • Involving you in market research, gauging customer satisfaction and seeking feedback;
(GDPR lawful basis:  contractual obligation)
  • Performing and supplying any of our Services to you;
  • Managing our relationship with you (including maintaining a User profile), communicating with you, identifying you when you contact us, responding to your enquiries andkeeping records;
  • Processing payments you have authorised;
(GDPR lawful basis: legal obligation)

  • Complying with all of our legal obligations to you and to third parties (including, without limitation, any governmental authority.
  • Ensuring the security ofour Portal and our Services and maintaining back-ups of our database(s);
  • For our internal accounting and administration;
  • Where we reasonably suspect that unlawful activity has been, is being or may be engaged in and the use or disclosure is a necessary part of our investigation or in reporting thematter to the relevant authorities;
  • In the preparation for, or conduct of, court proceedings or in an administrative or out-of-courtprocedure (or the implementation of orders of a court or tribunal or on behalfof an enforcement body);
  • For the purpose of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice; and
(GDPR lawful basis: protect a person’s vital interests)
  • Where we reasonably believe that use or disclosure is necessary to lessen or prevent a serious,immediate threat to someone's health or safety or the public's health or safety.
Where we wish to use or disclose your Personal Information for other purposes, we will obtain your consent.
Will my Personal Information be disclosed to third parties?
By using our Portal,any of our Services and/or by providing us with your Personal Information (orallowing another person to do so), you acknowledge and consent to us disclosingsome or all of your Personal Information to third parties.  This includes disclosure of your Personal Information and details:
  • to our related entitiesas necessary for the provision of any of our Services or to enable them toprovide any of the service offerings that you have requested;
  • to our third party provider of verification of identity services (in which case you will be askedto agree to the third party provider’s applicable privacy policy and otherpolicies);
  •  to government agenciesto enable relevant registrations, notifications and/or lodgements in connectionwith the Portal and/or our Services;
  •  to a person that usesthe Portal or any of our Services on your behalf and/or a person you have authorised;
  • if you enable third party applications to be used in conjunction with the Portal and/or any of our Services, to those third party applications;
  •  to our partners, contractors, suppliers, subcontractors and service providers, including without limitation our suppliers of IT based solutions that assist us in providing any of our Services, distributors of direct marketing communications; marketing agencies, insurers and external business advisors;
  • in accordance withrequirements or authorisations under applicable laws or to comply with ourlegal obligations; and
  • to any other persons contemplated by this Privacy Policy.
We take reasonable steps to ensure that third party recipients areobliged to protect the privacy and security of your Personal Information and use it only for the purpose for which it is disclosed.  These measures include use of industry-standard, physical procedural and technical security measures andencryption where appropriate.  However, regardless of any security measures used, we cannot guarantee the absolute protection and security of any Personal Information stored with us or with anythird parties.  

Occasionally, we may berequired to disclose your Personal Information to third parties are located outside of Australia.  In this instance, we will take all reasonable stepsto ensure that those third parties, in whichever jurisdiction, adhere to the terms of this Privacy Policy.

At all times, the third parties that we disclose your Personal Information to:
  • are required to provideGDPR compliant services (if they are subject to the GDPR);
  • must take reasonable steps, to our satisfaction, to ensure that Personal Information disclosed by usis protected against misuse, interference, loss and unauthorized access, modification and disclosure;
  • must ensure that each of its employees who access, use or disclose Personal Information are aware of andcomply with the obligations under this Privacy Policy when they are accessing, using or disclosing the Personal Information; and
  • must, if they become aware of any misuse, interference, loss, or unauthorized access, modificationor disclosure of Personal Information disclosed by us, immediately notify us.  
Without your consent,we will not disclose your Personal Information to any third party (except forthose described above), unless such disclosure is required by local Data protectionlaws or the GDPR and/or where we reasonably believe that it is necessary tolessen or prevent a threat to life, health or safety or for action to beundertaken by an enforcement body, or where allowed to do so in accordance withthe local Data protection laws.

To the maximum extentprovided by applicable law, we are not responsible or liable for the protection and privacy of any Personal Information provided to third parties.  You accept and agree that the disclosed PersonalInformation will be held by third parties and may be used by them in accordancewith the Privacy Act and any privacy policy they may have, and in such circumstances, the third party recipient will be solely responsible for theiruse of this Personal Information.
How we hold and store Personal Information?
Your Personal Information is held and stored on paper, by electronic means (including by way of a third party client relationship management product or system) or both.  We have physical, electronic and procedural safeguards in place for Personal Information and take reasonable steps to ensure that your Personal Information is protected from misuse, interference, loss and unauthorised access, modification and disclosure.  In some cases, these facilities may be located offshore and/or in cloud-based servers that have represented to us that they are GDPR compliant.

When developing and designing products and services that involve the processing of Personal Information, we take into account Data protection to ensure that we can fulfil our Data protection obligations.

Data held and stored on paper is stored in secure premises.

Data held and stored electronically is protected by internal and external firewalls. We encrypt and/or pseudonymise data wherever possible. All access to electronic Data including databases requires password access that meets industry complexity standards.

Access to Personal Information is restricted to staff and contractors whose job description requires access.  Our employees and contractors are contractually obliged to maintain the confidentiality of any Personal Information held by us.

Data stored or archived off-Portal is contained within secure facilities. We also require our storage contractors to implement privacy safeguards.

We undertake regular Data backups, with the Data copied and backed up to multiple locations for redundancy purposes.

Our staff receive regular training on privacy procedures.
How long will my Personal Information be retained?
We will retain your Personal Information only for as long it is required for any of the purposes set out in this Privacy Policy or for any other lawful purpose.  

We will retain your Personal Information for the time periods required by law.

We use secure methods to destroy, desensitise or de-identify your Personal Information when it is no longer needed or legally required to be retained.  Paper records are sent for secure destruction.  In some instances, paper records and original documents will be returned to you and/or relevant third parties.

Electronic records may be archived to alternative storage and are subject to the procedural safeguards described above.

Please refer to the details below for the procedure to have your Personal Information deleted.
Will I be able to access and control my Personal Information?
You have a right to request access to or correction of your Personal Information held by us. If you are in the European Union, you also have a right (with a few exceptions) to request that your Personal Information is deleted.

If you wish to access, correct or update any Personal Information that we hold about you, please contact us using the details below.  

We will respond to your request within 30 days of you making the request and give you access in the manner you requested unless it is unreasonable or impracticable for us to do so. Before we accept your request, we will need to use reasonable methods to verify your identity.  There may be reasons why we cannot give you access to the information that you have requested, or we refuse to correct your personal information.  In these instances, we will let you know these reasons in writing. To assist us to keep our records up to date, please notify us of any changes to your Personal Information.
Can I withdraw my consent to hold my Personal Information?
You have a right to withdraw your consent to us using your Personal Information at any time.  

Please contact us using the details below if you would like to make such a request. We will process a request within one month. Please note that by withdrawing your consent, we may no longer be able to provide you with access to our Portal or Services. Please refer to section 8 above for the procedure to have your Personal Information deleted.
Will my Personal Information be transferred internationally?
When we share Personal Information, it may be transferred to, and processed in, countries other than the country you live in, where our Data hosting provider’s servers are located. These countries may have laws different to what you’re used to. Rest assured, where we disclose Personal Information to a third party in another country, we put safeguards in place to ensure your personal Data remains protected.

For individuals in the European Economic Area ("EEA"), this means that your Personal Information may be transferred outside of the EEA. Where your Personal Information is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA Data, or to a third party where we have approved transfer mechanisms in place to protect your Personal Information, for example, by entering into the European Commission’s Standard Contractual Clauses. For further information, please contact us using the details set out in the Contact us section below.
Data Breach
We will take seriously and deal promptly with any accidental or unauthorised loss, use or disclosure of Personal Information (Data Breach)

We are subject to the Notifiable Data Breaches Scheme ("NDB Scheme") under the Privacy Act.  In assessing and responding to suspected notifiable Data breaches, we will act in accordance with:
  • Our applicable policies which incorporate the requirements of the NDB Scheme; and
  • The guidance of the Office of the Australian Information Commissioner (“OAIC”).
Where a breach of your Personal Information occurs that is likely to cause harm (e.g. releasing unencrypted Personal Information), we will notify you and make recommendations about the steps you should take in response to the breach. Where required by law, the OAIC will also be notified.

If a Data Breach releases Personal Information of a European Union-based user, we will notify the European Data Protection Supervisor within 72 hours of becoming aware of the Data Breach.  
Will I have the opportunity to provide feedback?
From time to time, you may have the option to participate in surveys or provide feedback intended to improve any of our Services which may involve providing additional Personal Information.  Your participation in such activities is subject to your consent.
What direct marketing will be undertaken?
We may use and disclose your Personal Information for the purpose of direct marketing to you by way of a direct mail, email, SMS, MMS, targeted digital advertising or any other means of marketing communication, where:
  • You have consented to us doing so; or
  • It is otherwise permitted by law.
You may opt out of direct marketing communications at any time by contacting us or by using opt-out facilities set out in the direct marketing communications.
How will cookies be collected?
We also collect, process, and manage (collectively, “Process”) third-party information submitted by our Users onto our Portal (“Business Data”) in our role as a “data collector” (under the GDPR).  We Process such Business Data on behalf and under the instruction of the respective User (the “data collector”) in accordance with our Data Processing Addendum with them (a copy of which is available at [insert]).  Accordingly, this Privacy Policy applies only to our independent privacy and Data processing practices as a “data controller” and therefore does not apply to the processing of Business Data.

Our Users are solely responsible for determining whether and how they wish to use our Portal, and for ensuring that all individuals using the Portal on the User’s behalf or at their request, as well as all individuals whose Personal Information may be included in Business Data processed through the Portal, have been provided with adequate notice and given informed consent to the processing of their Personal Information , where such consent is necessary or advised, and that all legal requirements applicable to the collection, use or other processing of Data through our Services are fully met by the User. Our Users are also responsible for handling data subject rights requests under applicable law, by their users and other individuals whose Data they process through the Portal.
Destruction Of Personal Information
We will retain your personal information whilst it is required for any of our business functions or for any other lawful purpose. We will also retain your personal information for the time periods required by law (commonly, seven years).
We use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed. Paper records are sent for secure destruction. In some instances, paper records and original documents will be returned to you and/or relevant third parties.
Electronic records retained for longer than 7 years may be archived to alternative storage and are subject to the procedural safeguards described above.
Will this Privacy Policy change?
We may update our Privacy Policy from time to time by either notifying you of a change to our Privacy Policy and providing you with the updated Privacy Policy or publishing a new version on our Portal.  Our Privacy Policy was last updated on 31 Oct 2023.  

By continuing to use our website or otherwise continuing to deal with us, you accept this Privacy Policy as it applies from time to time.
Schedule - Definitions
"Data" means any data inputted by you or with your authority through the use of the Services and includes, without limitation, data owned or supplied by you or data which may otherwise be generated, compiled, arranged or developed by you in using the Services pursuant to these Terms of Use.

“Device” means any type of device including a computer, mobile phone, tablet or console that meets the minimum specifications required to access to the Portal and/or use any of our Services.

“Device Information” means Data that can be automatically collected from any device used to access the Portal and/or any of our Services, including your Device type, your Device’s network connections, your Device’s name, your Device’s IP address, information about your Device’s web browser and the internet connection used to access the Portal or any of our Services, Geolocation Information, information about apps downloaded to your Device and biometric Data (such as Touch ID/Fingerprint).

“Geolocation Information” means information that identifies your location by using longitude and latitude coordinates obtained through GPS, Wi-Fi or cell Portal triangulation.

“Portal’ means the cloud-based software and Site owned and operated by us.  

“Personal Information” means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion;  

"Services" means any and all services provided by us through the Portal  and any other website, mobile site or Portal operated by us from time to time.  

“Site” means the website operating from the domain at “” or such other domains used by us from time to time for access to this site or any other sites or provision of any of our Services.

“Technical Usage Data” means information we collect from your Device that you use to access the Portal or any of our Services such as what you have searched for and viewed on the Portal, the length of your visit and the way you use any of our Services, including your IP address, statistics regarding how pages are loaded or viewed, the website you viewed before coming to the Portal and other usage and browsing information collected through cookies.  

“User” means a user of the Portal and/or any of our Services, as the context requires.
Promotional offer details
"Sign up to become a customer between 1 February - 31 March 2024 and get 50% off your WorkflowMax subscription for 3 months"50% off the WorkflowMax by BlueRock current list price for 3 consecutive months is available to new customers in all regions for standard and premium subscriptions only. 3 months after the commencement of the Offer, WorkflowMax’s current list price will apply. WorkflowMax by BlueRock reserves the right to change its list price, charges, and billing terms at any time at its sole discretion. This offer cannot be redeemed with an existing paid WorkflowMax subscription or be used in conjunction with any third-party or other WorkflowMax offers. Prices exclude applicable taxes. This offer is valid from 1 February 2024 until 31 March 2024 at 11:59 pm AEDT. WorkflowMax by BlueRock reserves the right to change or cancel this offer at any time at its sole discretion.
Who do I contact if I have a complaint?
Privacy Officer
WorkflowMax by BlueRock
Level 16, 414 La Trobe Street
(03) 8682 1111
Have an enquiry?
The team at WorkflowMax by BlueRock are happy to answer any questions you may have. If you have an enquiry about our new product, upcoming migration or new feature requests - please get in contact with us.