The last update to this document was 1 March 2017.
Openpay Pty Ltd ACN 159 699 126 (Openpay, we, us, our) is committed to complying with applicable privacy laws in relation to the personal information that we collect in the course of running our business.
In this document:
“APPs” means the Australia Privacy Principles set out in the Privacy Act;
“Personal information” has the meaning set out in the Privacy Act, and (in summary) means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or otherwise; and
“Privacy Act” means the Privacy Act 1988 (Cth),
- How we collect your personal information
We will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you. We may collect the personal information you directly give us through some of the following means:
- when you apply for credit;
- when you make an inquiry or order in relation to goods or services, including through our website located at openpay.com.au(the Website);
- in administering and performing any contracts with service providers;
- when you contact us via telephone or other means;
- from correspondence (whether in writing or electronically);
- through any mobile applications provided by our organisation;
- while conducting customer satisfaction and market research surveys;
- when administering any of our services; and
- as otherwise required to manage our business.
If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.
- Types of personal information we collect
The type of personal information we may collect can include (but is not limited to) your name, postal address, email address, phone numbers, date of birth, credit card details, drivers licence, financial position, credit information, billing information and, if applicable, current and former employment details.
If you download and use one of our mobile applications, we may record details of your device details and operating systems.
If you have provided Openpay with permission to access your device location when using our app, we may collect information about your geographical location.
We only collect sensitive information about you with your consent, or otherwise in accordance with the Privacy Act.
Where you do not wish to provide us with your personal information, we may not be able to provide you with requested goods or services.
- Our purposes for handling your personal information
As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances.
We collect, hold, use and disclose personal information to:
- confirm your identity and credit worthiness and to process credit applications you make;
- identify you in accordance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);
- manage any Openpay credit products you have with us (including to collect debts);
- offer and provide you with our goods and services;
- manage and administer those goods and services, including account keeping procedures;
- communicate with you, including (but not limited to) emailing you tax invoices;
- where you have provided us with access to your geographical location via any of our mobile applications, we may send you push notifications and other electronic communications (including SMS) if you are located near one of Openpay’s merchants, including notifications regarding promotional and special offers from Openpay and those merchants near your geographical location;
- comply with our legal and regulatory obligations; and
- otherwise to manage our business.
- Who we disclose your personal information to
The types of persons, agencies and entities we typically disclose personal information to include (but are not limited to):
- our suppliers, contractors (such as any mail house), organisations that provide us with technical and support services and our professional advisors;
- our related entities (who may use and disclose the information in the same manner we can); and
- debt collection agencies.
We may also discloser your personal information in accordance with any consent you give or where disclosure is authorised, compelled or permitted by law.
If we disclose information to a third party, we generally require that the third party protect your information to the same extent that we do.
- Credit providers and credit reporting bodies
We may exchange your credit-related personal information (including your credit worthiness or credit history) with credit reporting bodies (CRBs) and with other credit providers. We exchange this credit-related personal information to assess an application by you for credit and to notify CRBs and other credit providers of a serious credit infringement or default by you. We may disclose your information to any person reasonably necessary for the purposes of that person taking an assignment of your loan.
You can ask a CRB not to use or disclose credit information it holds about you for a period of 21 days (called a ‘ban period’) without your consent if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud. You agree to us accessing your personal information (including credit-related information) held with a CRB, even if there is a ban period in place, for the purposes of assessing an application for credit or to collect overdue payments.
CRBs may use the credit-related personal information they hold to respond to requests from us or other credit providers to ‘pre-screen’ you for direct marketing. You can ask a CRB not to do this.
- Protection of personal information
We will hold personal information as either secure physical records, electronically on our intranet system, in cloud storage, and in some cases, records on third party servers, which may be located overseas.
We use a range of security measures to protect the personal information we hold, including by ensuring that data centres are subject to identity and access management and employees and third parties are subject to information security obligations.
We will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
- Direct marketing
Like most businesses, marketing is important to our continued success. We therefore like to stay in touch with customers and let them know about new offers and opportunities. We may provide you with information about products, services and promotions either from us, or from third parties which may be of interest to you.
You may opt out at any time if you no longer wish to receive direct marketing messages from us. You can make this request by contacting our Privacy Officer.
- Accessing and correcting your personal information
You may contact our Privacy Officer to request access to the personal information that we hold about you and/or to make corrections to that information, at any time. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to any of the personal information about you held by us.
We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
We will respond to all requests for access to or correction of personal information within a reasonable time.
- Overseas transfers of personal information
We may disclose your personal information to our related entities, service providers and agents located overseas, including in the UK, USA, the Philippines and Hong Kong. From time to time we may also engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider.
By providing your personal information to us, you consent to us disclosing your personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business, and agree that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the Australian Privacy Principles, that entity will not be bound by, and you will not be able to seek redress under, the Privacy Act.
- Resolving personal information concerns
The Privacy Officer
Level 40, 120 Collins Street, Melbourne VIC 3000, Australia
Telephone +61 (0)3 9009 7211
We take all complaints seriously, and will respond to your complaint within a reasonable period.
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
Telephone: 1300 363 992