Global Privacy Policy

This Privacy Policy applies to Inkpay Pty Limited (ABN 87 633 926 039), Inkpay (NZ) Limited (company number: 8007490) and their affiliates and related companies, (together Inkpay, we, us, or our).  

At Inkpay, we are committed to protecting your privacy.

This Privacy Policy has been developed in compliance with:

  • Privacy Act 1988 (Cth) (Australian Privacy Act) and the Australian Privacy Principals (APPs) made under that Act; 
  • Privacy Act 1993 (NZ) (NZ Privacy Act) and the Information Privacy Principles (IPPs) that are set out within that Act; and
  • Data Protection Act 2018 (UK) (UK Data Act) UK’s implementation of the General Data Protection Regulation (GDPR).

The term Privacy Act means, in respect of Inkpay Pty Limited, the Australian Privacy Act; and in respect of Inkpay (NZ) Limited, the NZ Privacy Act. 

This Global Privacy Policy describes our policies and practices in relation to how we collect, store, use and disclose your personal information. It also explains how you can complain about a breach of the privacy laws, how you can access the personal information we hold about you, and how to have that information corrected. By ‘personal information’, we mean any details which can be used to identify you.

For personal data processed under this Privacy Policy, Inkpay is the “Data Controller” and responsible for your personal data collected through our website (the “website”) and Inkpay app (the “app”). 

You are agreeing to the terms and conditions set out in this policy by visiting our site.

What personal information do we collect?

During the registration process and/or when a customer makes a purchase, we ask customers for:

  • Full name, address, email address, phone number, gender, and date of birth.
  • Identification information e.g. Driver’s Licence or Passport information so we can identify you. We use third parties to check your information against government and other records, and we may also collect your personal information from Stripe.
  • Employment and financial information e.g. whether you are employed, what industry you work in, and information about your financial situation e.g. how much you earn. This is to assess whether you can offer you Inkpay services.
  • Payment information e.g. credit card, debit card or bank account number, and the account or cardholder’s name. When you give us payment information, it is securely collected and stored by the third-party payment processor we use.

We may collect a customer’s personal information from third parties such as:

  • Organisations who help us verify customers’ identity, such as Stripe e.g. driver’s licence or passport information and other ‘know your customer’ information.
  • Tattoo studios, for example when they give us details of your purchase e.g. your name, the purchase amount, what the tattoo is and its size and position. We generally confirm these details with you before you accept a payment plan. Studios are independent to us; may have their own privacy policies and we are not responsible for their actions including privacy practices.
  • Customers can update their information in their online account or mobile app, as well as agree to payment plans, view plan details, and make payments. We may also collect personal information from customers in other ways e.g when customers contact us or respond to surveys or sign up for newsletters or promotions.
  • We also collect the personal information of studios when they register. This can include the names of staff, payment information and the studio license or government certificates.

Access to your personal data by third parties 

We may share and disclose information about you to third parties as required to achieve the purpose for which it was collected by our business or as required or permitted by law. We may disclose your personal information to:

  • Merchants with whom we partner and from whom you purchase goods and services using our instalment plan. The information we share will not include your financial or credit information but may include information about a complaint you have raised with us about your Inkpay account or your purchase or service from the merchant;
  • Our corporate partners, contractors or developers (such as contact centers, software developers or mailing houses) who assist us in providing, managing or administering your Inkpay product or service (including promotions) or who maintain and develop our business systems, procedures and technology infrastructure;
  • Our related entities and their officers and employees;
  • Debt collection agencies;
  • Fraud reporting agencies including organisations that assist with fraud investigation, prevention and detection;
  • Third parties for the purpose of verifying the information that you have provided (eg to confirm your employment details including salary or wages);
  • Other third parties, where such disclosure is required, authorized or compelled by law such as government and regulatory bodies like ASIC or AUSTRAC to the extent required by law; and
  • Other third parties where you have given your consent or at your request.

Inkpay will take the required contractual, technical, and organisational measures to ensure that your personal data are only processed to the extent that such processing is necessary. If your personal data is transferred to another party that does not provide an adequate level of protection for personal data, Inkpay will conclude agreements with the relevant third parties involved, limiting the purposes for which your personal data can be used and disclosed, and requiring your personal data to be appropriately safeguarded.

If appointed and acting in their official capacity as a personal representative, a Power of Attorney, Accountant, Lawyer, are permitted to access your account information if requested. Other third parties permitted under this policy to access your information include governmental and regulatory bodies to whom we must disclose information under applicable law/direction. Considering this privacy policy, strictly no other financial service providers will be able to directly request any personal information held by Inkpay unless court ordered or directed by governmental and regulatory bodies.

How we use and disclose your personal data

The main purpose for which we collect, store, use and disclose personal information is to provide payment instalment plans to customers of tattoo studios. 

To make it easier for you, we have described why we will process your personal data and which categories of personal data we use for that purpose down below


Creating accounts and registering new clients

Data required: Identity data and Contact data

Basis for data usage: Fulfilling contractual obligations

Processing, tracking, and delivering order (including payments)

Data required: Identity data, Financial Data, Transaction data and Contact data

Basis for data usage: Fulfilling contractual obligations, Recover debt obligations, Verify your identity and Automated fraud detection and prevention 

To manage our relationship with you, including notifying you about changes to our services, terms and conditions or privacy notice; asking you to leave a review or take a survey.

Data required: Identity data, Financial Data, Transaction data, Profile data, Marketing data, Communications data and Contact data

Basis for data usage: Fulfilling contractual obligations, Necessary for our legitimate interest in being able to contact you in the most effective way to manage your account and keep your records updated 

Perform screening against lists of persons subject to sanctions

Data required: Identity data, Financial Data, Transaction data, Profile data, Transaction data, External sanction lists and Pep lists

Basis for data usage: To comply with legal requirements, protect Inkpay from legal claims and enforce Inkpay’s legal rights.

Perform debt collection services, i.e. to collect debt

Data required: Identity data, Financial Data, Transaction data, Profile data, Marketing data, Communications data and Contact data

Basis for data usage: Fulfilling contractual obligations and to manage your account with Inkpay such as sending you notices, statements or processing transactions or any debt collection activities where necessary.


Improving our website / app, including troubleshooting, data analysis, system maintenance and product testing (improve our risk and fraud models)

Data required: Identity data, Financial Data, Transaction data, Profile data, Marketing data, Communications data and Contact data.

Basis for data usage: Necessary for our legitimate interest (To assist operations of our business, provision of administration, IT services, network security, and to detect and prevent fraud) and to comply with legal obligations

Anonymise personal data to examine customer behaviour

Data required: Identity data, Financial Data, Transaction data, Profile data, Marketing data, Service specific data, Device data and Contact data.

Basis for data usage: Necessary for our legitimate interest (product, improvement and product testing)

Delivering relevant website content, online advertisements, and information

Data required: Identity data, Financial Data, Transaction data, Profile data, Marketing data, Service specific data, Device data and Contact data.

Basis for data usage: Necessary for our legitimate interest (product, improvement and product testing)


Recommending products, special offers and discounts that may be of interest to you

Data required: Identity data, Financial data, Usage data, Profile data, Marketing data, Communications data, Technical data and Contact data.

Basis for data usage: Necessary for our legitimate interest (product, improvement and product testing)

How we store and protect personal information

We store the information we collect in secure data centres, at our premises or those of our service providers including Stripe. We strive to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements. This will be for as long as a person has instalments we are collecting and may be for 7 years after that to comply with legal requirements and to ensure clarification of any questions.

We strive to ensure that the personal information is safe by using a range of physical and electronic security measures to protect it from misuse, interference, loss, unauthorised access, modification, or disclosure.

International Border Disclosure

When you submit personal information to Inkpay, you expressly agree and consent to the release, transfer, storing or processing of your personal information outside of Australia. In delivering consent, you recognise and acknowledge that some countries outside Australia do not always have the same privacy protection obligations as Australia in relation to personal information. We will take reasonable steps to ensure that your information is used by third parties securely and in accordance with the terms of this Global Privacy Policy.

In addition, we may utilise overseas IT services, such as data storage facilities. In such cases, we may own or control such overseas infrastructure, or we may have entered contractual arrangements with third party service providers to assist Inkpay with providing our services to you. As we utilise international IT Services and platforms which can be accessed from various countries via an Internet connection, it is not always practicable to know where your information may be held.

If you do not agree to the disclosure of your personal information outside Australia by Inkpay, you should (after being informed of the international border disclosure) not proceed with the creation of your account, or if already created, please advise Inkpay at [email protected].


Inkpay would like to send you information about products and services of ours that we think you might like, as well as those of our partner companies. If you have agreed to receive marketing, you may always opt out later. 

You have the right at any time to stop Inkpay from contacting you for marketing purposes or giving your data to other members of the Inkpay Group. Email us at [email protected].

What are your data protection rights?

  1. Right to be informed: You have the right to be informed about the collection and use of your personal data. This information is set out in the terms of our Privacy Policy.
  2. Right of access: You may request information from Inkpay at any time as to whether Inkpay has stored your personal data and which personal data it has stored. We are required to provide this information to you free of charge.
  3. Right to rectification: If your personal data stored by Inkpay is inaccurate or incomplete, you have the right to demand at any time that we correct the information.
  4. Right to restriction of processing: You have the right to demand that Inkpay restrict the processing of your personal data.
  5. Right to object to processing: If you're based in the UK, and If your data is processed by Inkpay based on Article 6 (1) (f) GDPR, you may object at any time to processing by Inkpay. You may assert all of the rights of data subjects described above against Inkpay by addressing your specific requests by contacting our Privacy Officer via [email protected].
  6. Right to lodge a complaint with a data protection supervisory authority: If you're based in the UK, Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection law. Email us at: [email protected].
  7. Right to erasure: You have the right to demand that Inkpay erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or if the data is processed based on your consent and you have opted to revoke your consent. In such cases, Inkpay must cease processing your personal data and remove that data from its IT systems and databases.

You do not have a right to erasure if:

  1. The data may not be deleted due to a statutory obligation; and
  2. The processing of data is necessary for the establishment, exercise, or defence of legal claims.


Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. For further information, visit

There are a few different types of cookies, however, our website uses:

  • Strictly Necessary – These cookies are required for the operation of our website.
  • Functionality –These cookies are used so that we recognize you on our website and remember your previously selected preferences. 
  • Advertising –These cookies are used to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address.

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.


Links to other Website and Applications

Our website currently contains links to the social media providers: Facebook, Twitter, YouTube, and Instagram via the relevant social media buttons. These websites, applications and tools are not owned or operated by us. We are not responsible for the content of those websites, applications, or tools, nor for any products, services or information contained in them or offered through them. 


You should review the privacy policies and terms and conditions of use of those websites, applications, and tools when you visit them. We do not endorse, recommend, condone, or represent the companies or any content on any third party linked website and may terminate the link at any time.


PCI DSS Policy

For security purposes, Inkpay does not hold your full debit or credit card data. We use a gateway provider to process payments. Our payment gateway provider is Stripe, and they have been certified by a PCI auditor as Level 1 provider. This is the most stringent level of certification available in the payments industry.


Identity Verification

We use Stripe for identity document verification. Stripe collects identity document images, facial images, ID numbers and addresses as well as information about the devices that connect to its services. Stripe shares this information with us and uses this information to operate and improve the services it provides, including for fraud detection. You may also choose to allow Stripe to use your data to improve Stripe’s biometric verification technology. You can learn more about Stripe and read its privacy policy at

Global Privacy Provisions

As we process personal information of data subjects inside the European Economic Area (EEA), we are bound by Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR). The purpose of the data protection information is to provide understanding, transparency, and a concise explanation of how we intend to process your personal data in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR). 

Changes to this privacy notice

We reserve the right to make amendments to this Privacy Policy at any time. If you have objections to the Privacy Policy, you should not access or use our site, app, or services. If there are any significant changes we will post updates on our website, applications or let you know by email.

Making a complaint

If you have any concerns about whether we have complied with the Privacy Act, the Australian Privacy Principles, or this Global Privacy Policy, please contact us at [email protected].

Australia Privacy Regulator

If your complaint is not resolved and you are based in Australia, you may refer your privacy regulator - The Office of the Australian Information Commissioner.  The Australian Regulator for privacy can be contacted by the following:

The Office of the Australian Information Commissioner(OAIC)


E: [email protected] 

P: 1300 363 992

New Zealand Privacy Regulator

If you're dissatisfied with the handling of your complaint, you may make a complaint to the Office of the Privacy Commissioner through the following contact details:

Office of the Privacy Commissioner (OPC)


E: [email protected]

P: 0800 803 909

United Kingdom Privacy Regulator 

If you’re based in the UK, you also have the right to make a complaint to the United Kingdom Privacy regulator. The regulator in the United Kingdom is the Information Commissioner's Office (ICO). If you are looking to make a complaint, please see the contact details below:

Information Commissioner's Office (ICO).


P: 0303 123 1113

Contacting us

We welcome your comments regarding privacy. If you have any questions or concerns, please contact our nominated representative and Data Protection Officer Bill Richards – [email protected].