- Personal information is defined in the Privacy Act 1988 (Cth) (Privacy Act) and means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
- We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act. A copy of the APPs may be obtained from the website of the Office of the Australian Information Commissioner at aoic.gov.au.
What personal information we collect
- We only collect personal information you give us directly, or which is collected automatically as part of your activities with us (including usage data or cookies on our website).
- When we collect information, we will ensure the individual has given verifiable consent or there is some other lawful basis for collection and processing. We will generally explain to the individual why we are collecting it, who we give it to and how we will use or disclose it.
- The personal information that we collect includes:
- Identifying information, including your name, contact details including your email, home address and billing address;
- Transactional information, including information you provide as part of a transaction with us or that is generated as a result of that transaction;
- Financial information, including payment details, credit card numbers or bank details;
- Information we are required or authorised to collect and process under law to identify you or verify information you have provided;
- Usage information, including data about your interaction with our website through devices you use;
- Computer and connection information such as page views, traffic, URLs, IP address and web log information.
- Our services are not intended for children and we do not knowingly collect personal information from individuals who are children.
Why we collect personal information
- The purpose for which we collect personal information is to enable the effective provision of our services to you and our other customers, including to:
- Execute your requests for our services;
- Improve and optimise our services, business and our users’ experience
- To send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
- To send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting. You may opt out of receiving these direct marketing communications at any time. Our electronic marketing activities will comply with the requirements of the Spam Act 2003 (Cth);
- To administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
- To comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
- To consider your employment application.
How we collect and hold personal information
- We must collect personal information only by lawful and fair means. We will collect personal information directly from you if it is reasonable or practicable to do so.
- At or before the time or, if it is not reasonably practicable, as soon as practicable after, we collect personal information, we must take such steps as are reasonable in the circumstances to either notify you or otherwise ensure that you are made aware of the following:
- Our identity and contact details;
- That we have collected personal information from someone other than you or if you are unaware, that such information has been collected;
- That collection of personal information is required by law (if it is);
- The purpose for which we collect the personal information;
- The consequences if we do not collect some or all of the personal information;
- Any other third party to which we may disclose the personal information;
- Whether we are likely to disclose personal information to overseas recipients and the countries in which those recipients are likely to be located.
- Unsolicited personal information is personal information that we receive which we did not solicit. Unless we determine that it could have collected the personal information in line with the APPs or the information is contained in a Commonwealth record, we must destroy the information to ensure it is de-identified.
- We will only collect sensitive information where you consent to the collection of the information, and the information is reasonably necessary for one or more of our functions or activities.
- Sensitive information includes, but is not limited to, information or an opinion about the racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preferences, criminal record, health information or genetic information.
- Sensitive information will be used by us only:
- For the primary purpose for which it was obtained;
- For a secondary purpose that is directly related to the primary purpose; and
- With your consent or where required or authorised by law.
Use or disclosure of Government related identifiers
- In some circumstances, we are required to collect government related identifiers (such as a tax file number). We will not adopt a government related identifier as your unique identifier within our systems. We will not use or disclose any of your Government related identifiers unless we are required by law.
When we will use, process or disclose personal Information
- We will only use, process or disclose your personal information for the primary purpose for which it was collected or otherwise as relevant national laws allow. We may otherwise use and disclose your personal information to detect, prevent and investigate fraudulent behaviour, if you have given us consent for the use or disclosure or it is required or authorised by law.
- If those purposes for which we have collected the information involve providing personal information about an individual to any third party, we will take appropriate and reasonable steps to ensure any personal information is protected.
- We may disclose personal information for the purposes described above to:
- our employees and related bodies corporate;
- data processors, including third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
- professional advisers, dealers and agents;
- payment systems operators (eg merchants receiving card payments);
- our existing or potential agents, business partners or partners;
- our sponsors or promoters of any competition that we conduct via our services;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
Where your personal information be held and processed
- We will process your personal information in our servers in Australia.
- We will provide your information to third parties that provide services to us solely for the purpose of providing those services, including third parties that provide our payment gateway, marketing and technology support services. This may include providing your information to third parties that are located outside of Australia.
- Where your personal information is transferred outside Australia, we will take steps to ensure that overseas recipients will deal with that information in a way that is consistent with the Australian Privacy Law or applicable national laws.
Security and retention of personal information
- We take reasonable steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure and against other misuse. However, we cannot guarantee the security of your personal information.
- We will only use, process or store personal information for as long as required by the purpose it has been collected, including where such purpose relates to our legitimate interest, and for a longer period where you have given consent to such processing, as long as such consent is not withdrawn. We may may be obliged to retain personal information for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Third parties and information you receive through us
- Where you transact with another person or entity through us, we may enable you to obtain the personal information of that person or entity. You acknowledge that in these circumstances you are the data controller of that data and you should, where required, inform that other person about your privacy practices and otherwise comply with relevant national laws.
- Using the personal information of any person you receive through us for any other purpose other than to perform the transaction we enable is prohibited by this policy.
Anonymity and Pseudonymity
- You have the option of not identifying yourself or using a pseudonym when dealing with us about a particular matter. This does not apply:
- Where we are required or authorised by or under law, or a court/tribunal order, to deal with individuals who have identified themselves; and
- Where it is impracticable for us to deal with individuals who have not identified themselves or who have used a pseudonym.
- However, in some cases, if you do not provide us with the personal information when requested, we may not be able to respond to the request or provide the services you are requesting.
Your rights and our complaints procedure
- You have certain rights in relation to the personal information we collect and hold about you. We will allow an individual to:
- Know what personal information we maintain about you and request a copy of your personal information which we will provide; and
- Request us to correct information we hold about you.
- To make a complaint about how we handle your personal information or make a request, you may contact our Privacy Officer at 03 5222 4522. We will respond to your complaint within a reasonable time after it is received. If you are not satisfied by our response, you may acquire further information regarding privacy from the Office of the Australian Information Commissioner.