By using covidpass.com.au you confirm you have read, understand and agree to this privacy policy and terms of use.

covidpass.com.au has established this Privacy Policy to explain how it protects and manages the personal information that it collects from you (business owner and/or user) online. (LAST UPDATED JULY 2020).
This Privacy Policy is directed at business owners which have registered as users of covidpass.com.au (“registered business”), and visitors to a registered business who provide certain personal information as a condition of entry to the business premises (“visitors”).
Registered businesses should also ensure that they have their own privacy policies in place, and that those policies are consistent with this Privacy Policy in relation to the handling of visitors’ information.

1. Type of information collected.  By using covidpass.com.au, at the time of your sign on and/or registration to covidpass.com.au you may be required to provide personal information.  If you are a registered business, you will be required to provide business details (“registration information”) which may include identifying information relating to individuals associated with the business.  If you are a visitor, you will be required to provide your contact details (“personal information”) and, depending on the answers to questions determined by the business and generated by covidpass.com.au, health information (also known as “sensitive information”).  If you are a business and do not consent to the collection of registration information in this way, you cannot become a registered business and covidpass.com.au is unable to provide you with any services; if you are a visitor and do not consent to the collection of your personal and sensitive information in this way, a registered business may refuse you entry to its premises.

2. Why information is collected. Personal information collected by covidpass.com.au may relate to a business or a visitor. The purposes of collection are set out below (“Identified Purposes”).
In the case of a business, covidpass.com.au collects, at the time of your registration and your sign-on to its web site, certain registration information which may comprise “personal information” (information that personally identifies an individual associated with the business).  This may include, for example, an individual’s name, email address, home or work address, telephone number, and information about your computer hardware and software (e.g., IP address, operating system, browser type, domain name, URL, access times, and referring web site addresses). covidpass.com.au has implemented this Privacy Policy to protect personal information received from registered businesses so that covidpass.com.au can provide its services to that business. covidpass.com.au will not provide this personal information to third parties for any purpose other than those employees, agents or contractors engaged to support and or maintain covidpass.com.au core systems and services.
In the case of a visitor, covidpass.com.au collects personal information which you volunteer as a condition of gaining entry to the premises of a registered business.  You will be required to provide your name, email address and phone number, and to answer a series of questions.  You understand that the information which you provide will be used for the purpose of determining whether a digital pass to the business premises will be generated, and with the exception of specific health information (which will be regularly deleted) for the broader purpose of creating a permanent record of which individuals have attended the premises.  The information may be disclosed to authorities if there is a legal obligation to do so.  You are not required to answer any questions but if you do not, a digital pass may not be generated and the registered business may refuse you access to its premises.”

covidpass.com.au limits its collection of personal information to only that information which is necessary for delivering covidpass.com.au core functions described above.

3. How information is collected flows through covidpass.com.au. You can use covidpass.com.au in two ways, as a registered business owner or as a visitor.

Businesses.
In the case of a business, covidpass.com.au securely stores the information you enter at registration. This allows the provision of a QR display sign that the business can print and display at their premises.
A business which has upgraded to a paid membership can login to the secure portal via CovidPass.com.au and:
-Create/modify their screening questions, fields and tick box disclaimer fields
-Modify the details shown on their QR Display Sign
-Receive a red pass email notification
-View the data that visitors have submitted via their QR Display Sign, but only to the extent permissible under applicable privacy legislation.  For the avoidance of doubt, personal information about a visitor may only be accessed by the business in connection with the original reason for collection.
-By upgrading your account to a paid membership, covidpass.com.au allows you to enter a nominated card for payment. You confirm you are legally authorised to use the card you enter for payment and agree/authorise covidpass.com.au to debit your nominated card as per the payment terms on the subscription plan you select. You understand you can cancel your paid membership at any time via "my account" which will cease any future debits. You will have continued access to your account in for the remainder of your subscription period, no refunds will be issued for any reason.
-Covidpass.com.au does not warrant that the service will be error-free. To the extent permitted by law, all express and implied warranties are excluded. You acknowledge that you have had an opportunity to evaluate the service and are making an informed decision to enter into this arrangement. Notwithstanding the foregoing, no attempt is made to exclude or limit any warranties, guarantees or liability implied by statute which cannot lawfully be excluded or limited. In relation to consumer guarantees implied by the Australian Consumer Law, our liability is limited to the resupply of any defective service.
-As a business who registers to use covidpass.com.au, it is your responsibility to ensure that you obtain effective consent from visitors to your collection of their personal information (including health data) and for the storage of that information by our company.
-As a business who registers to use covidpass.com.au, it is your responsibility to ensure that your screening questions and the relevant information you collect through the service complies with any government order or requirement.
-The business agrees to use covidpass.com.au in accordance with all laws and agrees not to share access to your account with any third party.

Visitors.
Visitors who scan this QR display sign with their phone are redirected to a webpage where they are asked to answer screening questions and provide their contact information.
When a visitor submits this information, it is securely stored on CovidPass.com.au web server so the system can generate a digital pass which can be presented at the premises containing a copy of the information the visitor entered.  A copy of their digital pass may also be emailed to the visitor at time of issue.
By using covidpass.com.au as a visitor, you consent to your information being sent to/stored by covidpass.com.au on behalf of authorised representatives of the business who created the business QR display sign that you scan, for the purpose of generating your digital pass and maintaining records. You consent to covidpass.com.au and the relevant registered business using your information for these purposes.

General.
Covidpass.com.au does not direct its site to, nor does it knowingly collect any personal information from children under the age of 18yrs.
When you visit the covidpass.com.au web site, a cookie may be placed on your computer or the cookie may be read if you have visited the covidpass.com.au site previously. covidpass.com.au uses cookies to allow us to determine which products and services you may be interested in so that covidpass.com.au does not provide redundant information to you. If you choose to not have your browser accept cookies from the covidpass.com.au web site, you may not be able to view all the text on the screens, or to experience a personalised visit, or to subscribe to certain service and product offerings on the covidpass.com.au site.

4. Disclosure. covidpass.com.au does not sell, rent or disclose your personal information to anyone else, except: (a) to covidpass.com.au’s employees, independent contractors, subsidiaries, affiliates, consultants, business associates, service providers, suppliers and agents, acting on covidpass.com.au’s behalf for any of the Identified Purposes; (b) as necessary if covidpass.com.au has reason to believe that disclosure is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference (either intentionally or unintentionally) with covidpass.com.au’s rights or property, to protect other users of covidpass.com.au’s web site, products or services, or to protect anyone else that could be harmed by such activities; and (c) to respond to judicial process and to provide information to law enforcement agencies or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required or authorised by law, including without limitation the mandatory use of covidpass.com.au by any State or Territory government API for contact tracing purposes.
In addition, as we continue to develop our business, we or our affiliates may sell or buy other businesses or entities, or we may merge with another company. In such transactions, personal information may be one of the transferred business assets.

In accordance with the Australian Privacy act and the Australian Privacy Principles, covidpass.com.au stores information submitted via screening forms strictly on Australian based secure web servers located in Sydney.

5. Retention. After your account/registration becomes inactive (that is, if you request to be removed from our database), covidpass.com.au will keep your personal information in its archives to the extent that this is necessary for tax reasons or to prove covidpass.com.au’s compliance with any applicable law.  Subject to the foregoing, health information will be retained only for a period 28 days in all states other than QLD, and 56 days in QLD.

6. Accuracy of Personal Information. covidpass.com.au will use reasonable efforts to keep customer personal information accurate for the Identified Purposes, up to date and complete. Customers are responsible for informing covidpass.com.au about changes to their personal information. You can assist in this regard by sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it. covidpass.com.au will use new or updated personal information it receives from customers to update its own records.

7. Security Safeguards. covidpass.com.au takes such steps as are reasonable to protect personal information from misuse, interference and loss, and from unauthorized access, modification or disclosure.  covidpass.com.au has undertaken a documented Privacy Impact Assessment to confirm that it has adopted appropriate methods to protect customers’ personal information.

8.Access to and correction of Personal Information. Whether you are a business or a visitor, covidpass.com.au will afford you a reasonable opportunity to access and (if necessary) correct the personal information which we hold about you, if you so request by emailing This email address is being protected from spambots. You need JavaScript enabled to view it..  This is consistent with covidpass.com.au’s obligations under the Privacy Act 1988. For the avoidance of doubt, this does not entitle you to access personal information relating to others.  If covidpass.com.au is entitled by law to deny access to some aspect of your personal information, it will provide reasons for denying access and also provide you with particulars of mechanisms available to you if you wish to complain about our refusal.
If you request the correction of personal information which you consider to be inaccurate, we will take such steps as are necessary to rectify that information so that it is accurate, up-to-date, complete, relevant and not misleading.  If we consider there are lawful grounds  for not rectifying information as requested, we will advise you accordingly and also inform you of mechanisms available to you to complain about our refusal.

9. Complaints.  covidpass.com.au is owned and operated by Ungrind Pty Ltd, P.O. Box 7081 Penrith South, NSW 2750 Australia. If you have a complaint or query about the manner in which we are handling your personal information, you may contact us at this address and we shall respond to you as soon as possible.  If you are not satisfied with the manner in which we handle a complaint, you should seek legal advice, or alternatively lodge a complaint direct with the Office of the Australian Information Commissioner (OAIC).  We will cooperate with any inquiry instigated by the OAIC.

10. Termination. covidpass.com.au reserves the right to terminate any account where any unlawful use, or any use that may be deemed offensive or has the potential to cause any harm is identified without notice.

11. Disclaimer.  Covidpass.com.au does not purport to provide medical advice.  It is designed to alert users as to whether they have symptoms which, based on published materials, are consistent with COVID-19.  covidpass.com.au does not represent that its service provides a medical diagnosis, but rather it provides an indication of whether a person has symptoms which, according to published information, are consistent with the virus.  The fact that a visitor is issued with a digital pass by covidpass.com.au does not guarantee that the visitor is free of the virus.  If you experience symptoms commonly associated with COVID-19, you should immediately consult a medical practitioner.


Privacy Policy & Terms Of Use | Responsible VDP