As the supplier of the Program, we recognise the importance of your privacy and understand your concerns about the security of the personal information you provide to us.
In the course of doing business with you, the collection of personal information in some instances is necessary or unavoidable. We are committed to protecting the privacy of all personal information that we collect and ensuring that your personal information is handled correctly.
All personal information collected by us will be treated in accordance with the Australian Privacy Principles (“APPs”) as contained in the Privacy Act 1988 (Cth). The APPs detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.
This policy details the type of personal information we collect from our customers, how we manages personal information about you, with whom we may share it and the choices available to you regarding our use of the information. We also describe the measures we take to safeguard your personal information and tell you how to contact us regarding our privacy practices.
What types of personal information do we collect and hold
“Personal information” is information or an opinion about an identified individual, or about an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or now. Information where we have removed any reference to a person, so that the person cannot be reasonably identifiable from the information, is not personal information.
The kinds of personal information that we may collect and hold from you or about you include:
- Contact information, such as your name, postal address, e-mail address and telephone number;
- Date of birth and gender;
- Account information such as username, password and transaction history;
- Bank account details;
- Information concerning your interests, buying habits and product preferences; and
- Any other personal information submitted to us by you.
We do not collect sensitive information (such as relating to your ethnic origin, religious or philosophical beliefs, membership of a political or trade association, sexual preferences or health), and would not do so without your consent.
When you browse our website or contact us electronically, we may record geographical tagging, cookies and statistical data. This may include your IP address, date and time of your visit, operating system, language preferences, device characteristics, pages visited, information downloaded and type of browser used to access the website.
We use this information to help us to make decisions about maintaining and improving our website and online services.
While our website may contain links to other websites with the exception of our related entities, those websites are not subject to our privacy standards, policies and procedures. We recommend that you make your own enquires as to the privacy policies of these third parties and we are in no way responsible for the privacy practices of these third parties.
How we collect and hold personal information
We aim to collect personal information only directly from you, unless it is unreasonable or impracticable for us to do so. For example, we collect personal information from you or about you from information you submit to us when:
- You apply for or request a product or service;
- When you participate in our call centre marketing campaigns, competitions or surveys;
- When you respond to our advertising and direct mail;
- You provide information to us via email or telephone; and
- When you have other dealings with us.
However, in some circumstances, it is necessary for us to collect personal information through third parties or from a source of publicly available information.
If we receive personal information that we have not requested (unsolicited information) and we determine that we could not have collected that information under the APPs if we had requested it, then we will destroy or de-identify the information if it is lawful and reasonable to do so.
Why we collect, hold, use and disclose personal information
We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and activities and as necessary to provide our services to you. We also collect, hold, use and disclose your personal information for related purposes that you would reasonably expect, such as our administrative and accounting functions For example, we may use the information obtained from you:
- To process your application for service and to establish and manage your account or facility, and carry out transactions you wish to make;
- To provide requested services to you, and bill you for our services and collect overdue payments;
- For our research and development of new products and services;
- For training, quality control and verification purposes (including monitoring and recording your telephone conversations with us from time to time);
- To communicate our related company’s or a third party’s marketing offers to you (when making the offer we will let you know how you may stop receiving any further marketing offers);
- Respond to and communicate with you about your requests, questions and comments;
- Protect against, identify and prevent fraud and other criminal activity, claims and other liabilities; and
- Comply with and enforce applicable legal requirements, relevant industry standards and our policies.
If we do not collect, hold, use or disclose your personal information, or if you do not consent, then we may not be able to answer your enquiry, complete the transaction you have entered into, or provide our services to you to the best of our ability.
How we hold and protect personal information
Your personal information is held and stored on paper, by electronic means or both. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorized access, modification and disclosure.
We store personal information in a combination of secure Australian based computer storage facilities and paper based files and other records. We use industry accepted and compliant technology and security so that we are satisfied that your information is transmitted safely to us through the internet or other electronic means.
We also employ the following measures in order to safeguard your personal information:
- Data held and stored on paper is stored in lockable offices and in secure premises;
- Data held and stored electronically is protected by internal and external firewalls, limited access via file passwords, and files designated read-only or no access;
- Data held and stored “in the cloud” is protected by internal and external firewalls, limited access via file passwords and files designated read-only or no access. We also require our IT contractors and other third parties to implement privacy safeguards;
- Where we disclose personal information to third parties (including contractors and affiliated businesses located locally and overseas), our contractual arrangements with them include specific privacy requirements; and
- Our staff receive regular training on privacy procedures.
Destruction and De-identification
We will retain your personal information whilst it is required for any of our business functions, or for any other lawful purpose.
We use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed:
- Paper records are shredded or destroyed securely; and
- Electronic records are deleted from all locations, to the best of our ability, or encrypted and/or placed beyond use.
Disclosure of Information
We respect the privacy of personal information and will take reasonable steps to keep it strictly confidential.
We may share the information you provide with companies that are related us, through common ownership (including other affiliated companies within or outside Australia).
We will disclose personal information to third parties if it is necessary for the primary purpose of collecting the information, or for a related secondary purpose, if the disclosure could be reasonably expected. Where such a disclosure is necessary, we will require that the third party undertake to treat the personal information in accordance with the APPs.
Generally, we may disclose personal information about you in the following circumstances:
- Where we have contracted an external organisation to provide us with support services. This may include but is not limited to processing applications or orders, marketing support, deliveries, market research and debt collection. These service providers may be within or outside Australia;
- To comply with our legal obligations (we notify you any time we are required to produce information in this way unless we are prohibited by court order or law or there is suspicion of fraud and/or criminal activity);
- Where we suspect that unlawful activity has been or may be engaged in and the personal information is a necessary part of our investigation or reporting of the matter; or
- Where organisations cooperate with us in offering products and services such as co-brand partners (we will notify you of that disclosure and obtain your consent on the application form).
We may share information about you with affiliated joint marketing partners and/or third parties whose products or services may be of interest to you. These third parties may contact you directly about their products and services in order to provide continuous improvement to the Program.
Where we use your personal information for marketing and promotional communications, you can opt out at any time by notifying us. Opt out procedures are also included in our marketing communications. If you do not want us to use your information for marketing purposes, or share your information with related companies for their own marketing purposes, please notify us by sending an email to the contact email listed below.
Otherwise, we will only disclose your personal information to third parties without your consent if the disclosure is:
- Necessary to protect or enforce our legal rights or interests or to defend any claims;
- Necessary to prevent or lessen a serious threat to a person’s health or safety;
- Required or authorised by law; or
- Permitted by another exception in the Privacy Act.
Where we wish to use or disclose your personal information for other purposes, we will obtain your consent.
We impose strict requirements of security and confidentiality on all third parties as to how they handle personal information. We provide our outside contractors both locally and internationally, and retail affiliates only with information they need to perform their services – they are not permitted to use the information for any purpose except to provide the service to us. The Privacy Act also strictly controls the information we exchange with credit reporting agencies.
Additional information regarding Credit/Payment Information
The types of credit information that we collect and use for the purpose of collecting payments and/or making payments include:
- Names, addresses and other contact details of accountholders (both prospective and current);
- Bank account details;
- Driver’s licence details; and
- Financial information.
We do not disclose credit information to credit reporting bodies.
Requests for access and correction
We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you.
In most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons why. For example, a request to access personal information may be rejected if:
- The request is frivolous or vexatious;
- Providing access would have an unreasonable impact on the privacy of another person;
- Providing access would pose a serious and imminent threat to the life or health of any person;
- Providing access would prejudice our legal rights; or
- There are other legal grounds to deny the request.
To assist us to keep our records up-to-date, please notify us of any changes to your personal information.
Complaints and Concerns
We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act and the APPs. We will respond to your complaint in accordance with the relevant provisions of the APPs.