Current as from the 29th of October, 2020.
The Australian Privacy Principles
We will treat all personal information in accordance with any and all obligations that are binding upon us under the Privacy Act 1988 (Cth) (“Privacy Act”). The Privacy Act lays down 13 key principles in relation to the collection and treatment of personal information, which are called the “Australian Privacy Principles”.
How do we collect your personal information?
‘Personal information’ means any details about you, from which your identity is apparent or can be uncovered, including (but not limited to) your:
- name and date of birth;
- residential and business postal addresses, telephone/mobile/fax numbers and email addresses;
- any information that you provided to us during your account creation process or added to your user profile;
- bank account details;
- preferences and password for using this site and your computer and connection information; and
- any information that you otherwise share with us.
Generally, we collect your personal information directly from you through our website and mobile application by the following means:
- When you sign up with us, we ask you for the information we need to provide you with our service and verify your identity. This can include your name, email address, and identity details e.g. your driver’s licence. We will also ask you for your payment information.
- If you link your financial accounts, we will collect account details and transactional information from those accounts. We will only collect and store your personal information from these accounts if it is contained in these accounts (e.g. if your name is in a transaction record).
Generally, we will not collect sensitive information about you unless we are required to do so by law or unless you provide consent. Sensitive information includes information about your race or ethnicity, political opinions, religious beliefs, criminal record, sexual information, health or biometric information.
We may collect personal information about you from other people or organisations where it is not reasonable or practicable for us to collect the information directly from you. Examples of how we may do this include collecting your personal information from:
- Our own records;
- Organisations who help us verify your identity (such as Rapid ID or Fabric);
- Other organisations, service providers or business partners who provide you with products or services along with us; and
- People who refer you to us e.g. your friend may send us your name and contact information.
The purposes for which we manage your personal information
The main purpose for which we collect, store, use and disclose personal information is to provide our service.
Other purposes for which we do this include to:
- Verify your identity which we may be required to do by the Anti-Money Laundering and Counter-Terrorism Act 2006 (Cth);
- Provide you with information about our products or services, or those of other organisations. If we send you marketing, we will always give you the option to unsubscribe at any time by notifying us that you wish to do so;
- Perform internal functions such as administration, accounting and information technology system requirements;
- Refer you to other organisations, service providers or business partners;
- Comply with legal and regulatory requirements, and prevent fraud or crime; and
- Help us improve our services, develop our products and conduct research.
We will communicate with you electronically unless you tell us that you do not wish to receive electronic communications. If you do not wish to receive electronic communications, we won’t be able to provide our service to you as it is an electronic service.
To whom will we disclose your personal information?
- Organisations who help us verify your identity (such as Vix Verify);
- Our agents and contractors who supply services to us e.g. our data storage providers;
- Other organisations, service providers or business partners whom we consider may provide services or products you would find useful. You may opt out of this service at any time by getting in contact with us;
- Other companies in the event of a corporate sale, merger, reorganisation, dissolution or similar event;
- Regulatory bodies, government agencies or law enforcement bodies; and
- Anyone else to whom we are permitted to provide information by law.
We use the information we collect from our customers to create aggregated information. Aggregated information only contains anonymised personal account information or data; it does not contain information that could be used to identify you. Examples of aggregated information might include de-identified information about our customers, their responses to polls or questionnaires, or de-identified information about the transactions they make.
We may use, sell, license, redistribute and disclose de-identified, aggregated information to third parties, such as commercial and charitable organisations, to allow them to understand the needs of their consumers, to plan their marketing and build strategic plans, or for research purposes.
What if you don’t provide some personal information to us?
If you do not provide us with some or all of the personal information that we ask for, we may not be able to provide you with our services.
How do we store and protect your personal information?
Data that we collect about you may be stored or otherwise processed by third party services with data centres based outside Australia and/or the European Union, such as Google Analytics, Microsoft Azure, Amazon Web Services, Apple, etc., and online relationship management tools. We consider that the collection and processing of this information is necessary to pursue our legitimate interests in a way that might reasonably be expected (e.g. to analyse how you use our services, develop our services and grow our business) and which does not materially impact your rights, freedom or interests.
We require that all third parties that act as “data processors” for us provide sufficient guarantees and implement appropriate technical and organisational measures to secure your data, only process personal data for specified purposes and have committed themselves to confidentiality.
We are committed to maintaining the confidentiality of the information that you provide us and we will take all reasonable precautions to protect your personal information from unauthorised use or alteration. In our business, personal information may be stored both electronically (on our computer systems and with our website hosting provider) and in hard-copy form. Firewalls, anti-virus software and email filters, as well as passwords, protect all of our electronic information. Likewise, we take all reasonable measures to ensure the security of hard-copy information.
We keep your personal information only for as long as is reasonably necessary for the purpose for which it was collected, which is generally only as long as you are a customer of ours, then we delete your personal information. We keep de-identified and aggregated information for as long as we may need it.
We welcome the General Data Protection Regulation (“GDPR”) of the European Union (“EU”) as an important step forward in streamlining data protection globally. Although we do not operate an establishment within the EU and do not target any offering of services towards clients in the EU specifically, we intend to comply with the data handling regime laid out in the GDPR in respect of any personal information of data subjects in the EU that we may obtain.
The requirements of the GDPR are broadly similar to those set out in the Privacy Act and include the following rights:
- you are entitled to request details of the information that we hold about you and how we process it. For EU residents, we will provide this information for no fee;
- you may also have a right to:
  - have that information rectified or deleted;
  - restrict our processing of that information;
  - stop unauthorised transfers of your personal information to a third party;
  - in some circumstances, have that information transferred to another organisation;
  - lodge a complaint in relation to our processing of your personal information with a local supervisory authority; and
- where we rely upon your consent as our legal basis for collecting and processing your data, you may withdraw that consent at any time.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, please be aware that:
- such objection or withdrawal of consent could mean that we are unable to provide our services to you, and could unduly prevent us from legitimately providing our services to other clients subject to appropriate confidentiality protections; and
- even after you have chosen to withdraw your consent, we may be able to continue to keep and process your personal information to the extent required or otherwise permitted by law, in particular:
  - to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact on your rights, freedoms or interests; and
  - in exercising and defending our legal rights and meeting our legal and regulatory obligations.
What about your financial information?
You pay for our service through a secure service and we will not collect or store the payment information (e.g. credit card or bank account number) that you give us for payment.
What information does our website and app collect?
Anonymous data – We collect anonymous information about the use of our website and mobile app, e.g. our service provider logs your server address when you browse our website, as well as the date and time of your visit, the pages and links accessed and the type of browser used, or our mobile app may log your location. We do not use this information to identify you personally (except in exceptional circumstances e.g. fraud or cyberattack) and we use this information for statistical purposes, to improve the content and functionality of our service, and to better understand our users. However, we may disclose your IP address to regulatory bodies, government agencies or law enforcement bodies (including AUSTRAC).
Cookies – In order to collect this data we may use “cookies”. Cookies are small pieces of information which are sent to your browser and stored on your computer’s hard drive. Sometimes they identify users where the website requires information to be retained from one page to the next. This is purely to increase the functionality of the site. Cookies by themselves cannot be used to discover the identity of the user, except that they may collect your IP address and we may disclose this to bodies as discussed above. Cookies do not damage your computer and you can set your browser to notify you when you receive a cookie so that you can decide if you want to accept it.
Information you post on our website – Information you send to us by posting to a forum or blog is stored on our servers. We do not specifically use that information except to allow it to be read.
Other information you provide through our website or app – We will collect the personal information that you provide to us through our website or app.
How can you check, update or change the personal information we are holding?
You have the right to:
- Request access to your personal information and to ask us to correct or erase it;
- Request us to restrict the way we manage your personal information, e.g. if you dispute its correctness;
- Request us to transfer your data to another entity; and
- Object to us managing your personal information at any time, e.g., you may withdraw any consent you have given us about how we manage and use your personal information. This does not invalidate any earlier permitted use we have made of your information.
If you wish to access or correct your personal information please write to us by email at the contact details shown below.
Upon receipt of your written request and enough information to allow us to identify the information, we will disclose to you the personal information we hold about you. We will also correct, amend or delete any personal information that we agree is inaccurate, irrelevant, out of date or incomplete.
We do not charge for receiving a request for access to personal information or for complying with a correction request.
In some limited cases, we may need to refuse access or a request for correction. We will advise you as soon as possible if this is the case and the reasons for our refusal.
Compliance with the Australian Anti-Encryption Bill
The laws have recently changed here in Australia to compel companies to share data with intelligence agencies or build in data sharing mechanisms which will report directly to the Australian Government. While we endeavour to protect your data and our platform from vulnerabilities wherever possible, we can’t break the law, nor can we tell you when your data may be at risk due to the orders of the Government. By using our platform or website, you expressly exclude us from any liability which arises from sharing data or building data sharing mechanisms (including ‘back-doors’ and vulnerabilities) at the direction of the Australian Government and its agencies.
What happens if you want to complain?
Your complaint will be considered by us through our internal complaints resolution process and we will try to respond with a decision within 30 days of you making the complaint.
If your complaint is not resolved, you may refer it to the Office of the Australian Information Commissioner who can be contacted by phone at 1300 363 992, by email at [email protected], by post at GPO Box 5218, Sydney NSW 2001 or you can go to www.oaic.gov.au.
If your complaint reasonably requires us to contact a third party, we may need to give some of the information contained in your complaint to that party.
Tell us what you think
We welcome your questions and comments about privacy.
Contact us for requests for access and alterations, concerns or complaints or questions and comments at [email protected] or PO Box 8318, Woolloongabba, QLD, 4102.