Privacy Policy

 

Pay.com.au Privacy Policy

Effective 15/11/2024

Pay.com.au Limited ACN 639 316 546 (Pay.com.au, we, us, our) is committed to protecting and respecting your privacy and takes its obligations under the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act) seriously. As your personal information is important to us, we will always be open and transparent as to how we handle it. By “personal information”, we mean information or an opinion relating to an individual which can be used to identify that individual.

This Privacy Policy sets out how we handle personal information we collect and hold. We may modify or amend this Privacy Policy from time to time and will display the most recent version on our website. This Privacy Policy was last updated in August 2024.

1.     Why does Pay.com.au collect personal information? 

We collect and hold your personal information for a variety of business purposes – and different kinds of personal information are used for different purposes. These purposes include to:

• verify your identify;
• provide you with our products and services, including the processing of your payments via our payment platform or using the PayRewards portal (including by making a PayRewards redemption) (together, the Platform) and the sending of remittance advices to your payees (where you have elected to send such advices);
• review and meet your ongoing needs;
• provide you with information we believe may be relevant or of interest to you;
• let you know about other products or services we offer that may be of interest to you;
• send you information about special offers, including those related to loyalty programs (our own, or those of third parties);
• consider any enquiries, concerns or complaints you may have;
• comply with contractual obligations, relevant laws, regulations and other legal obligations; and
• help us improve the products and services offered to our customers and enhance our overall business.

We may also use and disclose your personal information in other circumstances authorised by the Privacy Act.

We sometimes use personal information to contact people who are not users of our products and services or don’t otherwise have a direct relationship with us, for instance where “payee” contact details have been provided to us by customers of our Platform. If you receive an email from us and no longer wish to be contacted by us you can opt-out at any time by following the instructions in section 5 of this Privacy Policy.

2.     What types of information does Pay.com.au collect?

 We collect a range of personal information such as your name, DOB, address, contact information such as email address and phone number, bank account details, payment method

details, occupation, you preferences in relation to your PayRewards experience, and other information to facilitate your Pay Travel requests and bookings, redemption requests, custom redemptions, the concierge services, and use of the Platform, and any other information you may send us, or we may request which we may need to conduct our business. To the extent required, we may also collect from you similar information about your “payees”. We may also ask for (or you may choose to provide us with) personal information as part of a Customer service enquiry or interaction (whether via phone, email or chat). Such interactions are logged and recorded, and personal information you provide to us during a customer service interaction is therefore also collected.The personal information we may collect and hold includes, but is not limited to, personal information about our clients, potential clients, service providers, employees, prospective employees and contractors.

We will also collect information required to effect your payments, including the payee, their details and contact information, and any other details you may provide when effecting a payment via the Platform. Other information relating to payment services may be collected with your permission such as those contained in invoices imported from Xero or other similar platforms or integrations. We generally do not collect sensitive personal information such as your race, sexual preferences or political beliefs.

3.     How does Pay.com.au get the personal information it collects and holds?

We collect most of the personal information directly from you when you apply online to be a client/user of our Platform.

We may also collect personal information if you:

• fill in a contact, registration or other form or otherwise provide details on our site (including for newsletters or other notifications);
• browse our site (see section 4 (Cookies) below);
• send a message or post material to our site or to our social media accounts;
• contact us for any reason, such as with questions, or to report problems with our site or products or services (including by phone, email, or otherwise);
• otherwise use our site, for example we may also collect your IP address for security

We may also collect third party “payee” details that you upload into our Platform so that we can process your payments and send remittance advices to the payees (where you have elected to send such advices). You are responsible for ensuring that you are lawfully entitled to provide the payee details to us so that we can use them as permitted by this Privacy Policy, including notifying them of any matters required by the APPs in relation to your disclosure to us of any of their personal information.

You can choose not to provide your personal information to us and deal with us anonymously, however if this occurs, we will most likely not be able to provide you with our services.

We may also collect your personal information from other third parties, for example credit reporting agencies and electronic verification services, to allow us to verify your identity, or process your payments in accordance with regulatory or other requirements.

4.     Does Pay.com.au use cookies?

We use cookies to operate our site. Cookies are small text files which are transferred to your device through your web browser that enables our site to recognise your browser and capture and remember certain information. This includes facilitating your use of our Platform and

services. Most web browsers automatically accept cookies, but if you do not wish to receive cookies, you can set your browser to refuse cookies. However, if you do this, you may not be able to use our services to their full extent.

We also use analytics on the site, such as clicks, page views, session times and other similar metrics. We do not pass any personally identifiable information through this function, but the data we collect may be combined with other information which may be identifiable to you.

5.     Does Pay.com.au conduct direct marketing and how can I opt-out? 

We may use your personal information for the purposes of direct marketing with your consent or otherwise where permitted by law. If we collect personal information about you from a third party, we will only use that information for the purposes of direct marketing if you have consented (unless it is impracticable to obtain your consent). You may request that we provide you with the source of the personal information in such instances. If such a request is made, we will notify you of the source of the information within a reasonable period of time, unless it is impracticable or unreasonable to do so.

If you opt to use the remittance advice function, then we may include some marketing material about us in that communication to the third party payee. We will not otherwise use the information you provide about your payees to undertake any marketing to them.

You have the right to request us not to use or disclose your personal information for the purposes of direct marketing, or for the purposes of facilitating direct marketing by other organisations, at any time by contacting our Privacy Officer (using the details in section 6 of this Privacy Policy). We will give effect to the request within a reasonable period of time. If you wish to opt out of receiving any marketing material please select opt out on any of the communications. Note that our system generated messages will continue to be sent as part of our provision of service.

6.     How can I access (and, if necessary, correct) personal information that Pay.com.au collects and holds about me? 

You may access any of the personal information that we hold about you, subject to the exceptions set out in the Privacy Act. If you want to access or review (and, if necessary, correct) personal information that Pay.com.au may have collected and holds about you, please contact us at privacy@pay.com.au or on 1300 241 723. We will respond to your requests to access and to correct your personal information as soon as possible (but in any case within a reasonable period). If we refuse to provide the information, we will provide a written statement for the refusal. We may seek to recover reasonable costs associated with providing you with access to or correction of your personal information.

7.     How can I make a complaint about the way Pay.com.au handles my personal information? 

Contact our Privacy Officer (using the details in section 6 of this Privacy Policy) if you have any complaints about the way in which we handle your personal information.

We will treat any complaints seriously and will endeavour to respond as soon as practical upon receiving written notice of your complaint.

If you are not satisfied with our response to your complaint, you can also refer your complaint to the Office of the Australian Information Commissioner by:

• telephoning – 1300 363 992;
• writing to – Office of the Australian Information Commissioner, GPO Box 5288, SYDNEY NSW 2001; or
• the online form available here.

8.     What steps does Pay.com.au take to secure personal information?

We take all reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy and is not subject to misuse, interference or loss, or unauthorised access, modification or disclosure. For example, we use secure servers (with application-level security and restricted logins) and implement firewalls. Where relevant, we also impose limits on what personnel can access the personal information we hold.

Please note, however, that the transmission of information (including over the internet) is never completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information – particularly while it is being transmitted to us – so any transmission is at your own risk and we cannot accept responsibility for misuse or loss of, or unauthorised access to, your personal information where the security of information is not within our control.

If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.

If we have given you (or where you have chosen) a password which enables you to access our services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. A secure password must be chosen, and it must be different to passwords you use to access other sites.

9.     Does Pay.com.au disclose personal information to other people or organisations?

We may disclose personal information to:

• an agent, contractor or service provider we engage to carry out our functions and activities, such as lawyers, accountants or other advisors;
• third party organisations involved in managing payments, including payment merchants and other financial institutions such as banks;
• third parties involved in running and delivering loyalty programs, including airlines, travel agents and card issuers;
• regulatory bodies, government agencies, law enforcement bodies and courts;
• financial product issuers and credit providers;
• your third party “payee” organisations (to the extent required to provide our services); and
• anyone else to whom you authorise us to disclose it to or as otherwise permitted by

If we disclose your personal information to service providers that perform business activities for us, they may only use your personal information for the purposes for which we disclose it. We will ensure that all third parties are made aware of our Privacy Policy.

10.  Does Pay.com.au send personal information overseas? 

Pay.com.au holds personal information securely on servers operated by our suppliers which may be located overseas. We may disclose personal information to a number of our staff based in the Phillipines. We may also disclose personal information to other third parties that are located overseas in order to provide you with certain services – for example to airlines. We will only do this when it is necessary to provide our services.

We will not send personal information to recipients outside Australia unless:

• we have taken reasonable steps to ensure that the recipient does not breach the APPs in the Privacy Act;
• the recipient is subject to an information privacy scheme substantially similar to Australian privacy law; or
• you have otherwise consented to the disclosure of your personal information overseas, including your consent that if the recipient does not handle your personal information in a manner consistent with Australian privacy law, we will not be accountable to you and you will not be able to seek redress under Australian privacy law.

11.  Does Pay.com.au ever change its Privacy Policy?

We review our Privacy Policy from time to time, to ensure it is in line with best practice and up- to-date with any legislative changes. Any changes to our Privacy Policy will be incorporated into a new version and made available online. Our handling of your personal information will be governed by our most recent Privacy Policy.

Please contact our Privacy Officer (using the details in section 6 of this Privacy Policy) if you have any questions, comments or requests in relation to this Privacy Policy.

 

Pay.com.au Privacy Policy

Effective prior to 15/11/2024

Pay.com.au Limited ACN 639 316 546 (Pay.com.au, we, us, our) is committed to protecting and respecting your privacy and takes its obligations under the Privacy Act 1988 (Cth) seriously.

As your personal information is important to us, we will always be open and transparent as to how we handle it.

By “personal information”, we mean information or an opinion relating to an individual which can be used to identify that individual.

This Policy sets out how we handle personal information we collect and hold.

1. Why do we collect personal information?

Information is collected from you when it is reasonably needed for business purposes.  We collect and hold personal information for a variety of purposes – and different kinds of personal information are used for different purposes. Purposes include to:

• provide you with our products and services
• review and meet your ongoing needs
• provide you with information we believe may be relevant or of interest to you
• let you know about other products or services we offer
• send you information about special offers, including those related to loyalty programs (our own, or those of third parties)
• consider any concerns or complaints you may have
• comply with contractual obligations, relevant laws, regulations and other legal obligations
• help us improve the products and services offered to our customers and enhance our overall business.

We may also use and disclose your personal information for secondary purposes related to the primary purposes set out above, or in other circumstances authorised by the Privacy Act 1988 (Cth).

In each case, however, the personal information we collect, and hold is reasonably necessary to provide our services. This may include where we require it to comply with our legal or contractual obligations.

2. What type of information do we collect and who do we collect personal information about?

We may collect and hold a range of personal information about you to provide you with our services, such as your name, DOB, address, contact information, bank account details, occupation and any other information we may need to provide you with our services.

The personal information we may collect and hold includes, but is not limited to, personal information about clients, potential clients, service providers, employees, prospective employees and contractors.

We do not collect sensitive personal information such as your race, sexual preferences or political beliefs.

3. How does Pay.com.au get the personal information it collects and holds?

We collect most of your personal information directly from you when you apply online to be a client/user of our system.

We may also collect personal information if you:

• fill in a contact, registration or other form or otherwise provide details on our site (including for newsletters or other notifications);
• browse our site (we use cookies to ensure you have the best experience when browsing);
• post material to our site or to our social media accounts
• contact us for assistance or with questions, or to report problems with our site or with an issue, product or services;
• contact us directly e.g. via phone or email; or
• use our site, for example we may also collect your IP address for security purposes.

You can choose not to provide your personal information or to deal with us anonymously, however if this occurs, we will most likely not be able to provide you with our services.

We may also source personal information from other third parties, for example credit reporting agencies to allow us to process your payments in accordance with regulatory or other requirements and electronic verification services. We may also use third parties to analyse traffic at our website, which may involve the use of cookies. Information collected through such analysis is anonymous.

4. Cookies

To use our site, you must consent to the use of cookies. You can withdraw or modify your consent to our use of cookies at any time. If you no longer wish to receive cookies, you can set your browser to refuse cookies.  If you do this, you may not be able to use our services.

Cookies do not contain personal information, but can be used to identify a person when combined with other information. Cookies are small text files which are transferred to your computer’s hard drive through your web browser that enables our site to recognise your browser and capture and remember certain information.  This includes facilitating your use of our platform and services.

We also use analytics on the site.  We do not pass any personally identifiable information through this function, but the data we collect may be combined with other information which may be identifiable to you.

5. Other information we collect during our service

We will collect information relating to your payments including the payee, their details and contact information.  Other information relating to payment services may be collected with your permission such as those contained in invoices imported from Xero.

6. Direct marketing

We may only use personal information we collect from you for the purposes of direct marketing without your consent if:

• the personal information does not include sensitive information
• you would reasonably expect us to use or disclose the information for the purpose of direct marketing
• we provide a simple way of opting out of direct marketing
• you have not requested to opt out of receiving direct marketing from us.

If we collect personal information about you from a third party, we will only use that information for the purposes of direct marketing if you have consented (or it is impracticable to obtain your consent), and we will provide a simple means by which you can easily request not to receive direct marketing communications from us. We will draw your attention to the fact you may make such a request in our direct marketing communications.

You have the right to request us not to use or disclose your personal information for the purposes of direct marketing, or for the purposes of facilitating direct marketing by other organisations. We must give effect to the request within a reasonable period of time. You may also request that we provide you with the source of their information. If such a request is made, we must notify you of the source of the information free of charge within a reasonable period of time.

7. How can I access (and, if necessary, correct) personal information that Pay.com.au collects and holds about me?

You may gain access to the personal information that we hold about you, subject to the exceptions set out in the Privacy Act 1988 (Cth).

If you want to access or review (and, if necessary, correct) personal information that Pay.com.au may have collected and holds about you, please contact our Privacy Officer.

We will respond to your requests to access and to correct your personal information as soon as possible (but in any case within a reasonable period). If we refuse to provide the information, we will provide reasons for the refusal.

Contact our Privacy Officer at support@pay.com.au if you have any concerns about privacy issues, including in relation to how Pay.com.au is dealing with your personal information or how it is being held.

8. How can I complain about Pay.com.au if it breaches any applicable privacy principles or any registered code that binds it?

Contact our Privacy Officer if you have any complaints about breaches by Pay.com.au of any applicable privacy principles or of any registered code that binds it.

We will treat any complaint about a breach of privacy legislation or any relevant registered code seriously and will investigate any breach of which we become aware – including how it occurred and how best to prevent such a breach occurring again.

If you are not satisfied with our response to your complaint, you can also refer your complaint to the Office of the Australian Information Commissioner by:

• telephoning – 1300 363 992
• writing – Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001
• emailing – enquiries@oaic.gov.au.

 

9. What steps does Pay.com.au take to secure personal information?

We take all reasonable steps to ensure that your personal information is treated securely and in accordance with this Policy and is not subject to misuse, interference or loss, or unauthorised access, modification or disclosure. For example, apart from using secure servers (with application-level security and restricted logins), we implement firewalls. Where relevant, we also impose limits on who can access personal information.

Please note, however, that the transmission of information (including over the Internet) is never completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information – particularly while it is being transmitted to us – so any transmission is at your own risk and we cannot accept responsibility for misuse or loss of, or unauthorised access to, your personal information where the security of information is not within our control.

If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.

If we have given you (or where you have chosen) a password which enables you to access our services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.  A secure password must be chosen, and it must be different to passwords you use to access other sites.

10. Does Pay.com.au disclose personal information other people or organisations?

We may disclose personal information to:

• an agent, contractor or service provider we engage to carry out our functions and activities, such as lawyers, accountants or other advisors
• organisations involved in managing payments, including payment merchants and other financial institutions such as banks
• third parties involved in running and delivering loyalty programs, including airlines, travel agents and card issuers
• regulatory bodies, government agencies, law enforcement bodies and courts
• financial product issuers and credit providers
• anyone else to whom you authorise us to disclose it or is required by law.

If we disclose your personal information to service providers that perform business activities for us, they may only use your personal information for the specific purpose for which we supply it. We will ensure that all contractual arrangements with third parties adequately address privacy issues and will make third parties aware of our Privacy Policy.

11. Do we send personal information overseas?

Pay.com.au holds personal information securely on servers operated by our suppliers which may be located overseas in some cases.  These suppliers may be located in Australia.

We may also disclose personal information to other third parties that are located overseas in order to provide you with our services – for example to airlines.  We will only do this when it is necessary to provide our services.

We will not send personal information to recipients outside Australia unless:

• we have taken reasonable steps to ensure that the recipient does not breach the Privacy Act 1988 (Cth), including the Australian Privacy Principles
• the recipient is subject to an information privacy scheme similar to the Privacy Act
• you have consented to the disclosure.

If you consent to your personal information being disclosed to an overseas recipient, and the recipient breaches the Australian Privacy Principles, we will not be accountable for that breach under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

12. Does Pay.com.au ever change its Privacy Policy?

We review our Privacy Policy from time to time, to ensure it is in line with best practice and up-to-date with any legislative changes. Any changes to our privacy policy will be incorporated into a new version and made available online. Our use of your personal information will be governed by our most recent policy.

Please contact our Privacy Officer if you have any questions, comments or requests in relation to this Privacy Policy.

13. Opting Out

If you wish to opt out of receiving any marketing material please select opt out on the communications.  Note that our system generated messages will continue to be sent as part of our provision of service.