Pay.com.au Pty Ltd ACN 639 316 546 (Pay.com.au, we, us, our) is committed to protecting and respecting your privacy and takes its obligations under the Privacy Act 1988 (Cth) seriously.
As your personal information is important to us, we will always be open and transparent as to how we handle it.
By “personal information”, we mean information or an opinion relating to an individual which can be used to identify that individual.
This Policy sets out how we handle personal information we collect and hold.
- Why do we collect personal information?
Information is collected from you when it is reasonably needed for business purposes. We collect and hold personal information for a variety of purposes – and different kinds of personal information are used for different purposes. Purposes include to:
- provide you with our products and services
- review and meet your ongoing needs
- provide you with information we believe may be relevant or of interest to you
- let you know about other products or services we offer
- send you information about special offers, including those related to loyalty programs (our own, or those of third parties)
- consider any concerns or complaints you may have
- comply with contractual obligations, relevant laws, regulations and other legal obligations
- help us improve the products and services offered to our customers and enhance our overall business.
We may also use and disclose your personal information for secondary purposes related to the primary purposes set out above, or in other circumstances authorised by the Privacy Act 1988 (Cth).
In each case, however, the personal information we collect, and hold is reasonably necessary to provide our services. This may include where we require it to comply with our legal or contractual obligations.
- What type of information do we collect and who do we collect personal information about?
We may collect and hold a range of personal information about you to provide you with our services, such as your name, DOB, address, contact information, bank account details, occupation and any other information we may need to provide you with our services.
The personal information we may collect and hold includes, but is not limited to, personal information about clients, potential clients, service providers, employees, prospective employees and contractors.
We do not collect sensitive personal information such as your race, sexual preferences or political beliefs.
- How does Pay.com.au get the personal information it collects and holds?
We collect most of your personal information directly from you when you apply online to be a client/user of our system.
We may also collect personal information if you:
- fill in a contact, registration or other form or otherwise provide details on our site (including for newsletters or other notifications);
- post material to our site or to our social media accounts
- contact us for assistance or with questions, or to report problems with our site or with an issue, product or services;
- contact us directly e.g. via phone or email; or
- use our site, for example we may also collect your IP address for security purposes.
You can choose not to provide your personal information or to deal with us anonymously, however if this occurs, we will most likely not be able to provide you with our services.
Cookies do not contain personal information, but can be used to identify a person when combined with other information. Cookies are small text files which are transferred to your computer’s hard drive through your web browser that enables our site to recognise your browser and capture and remember certain information. This includes facilitating your use of our platform and services.
We also use analytics on the site. We do not pass any personally identifiable information through this function, but the data we collect may be combined with other information which may be identifiable to you.
- Other information we collect during our service
We will collect information relating to your payments including the payee, their details and contact information. Other information relating to payment services may be collected with your permission such as those contained in invoices imported from Xero.
- Direct marketing
We may only use personal information we collect from you for the purposes of direct marketing without your consent if:
- the personal information does not include sensitive information
- you would reasonably expect us to use or disclose the information for the purpose of direct marketing
- we provide a simple way of opting out of direct marketing
- you have not requested to opt out of receiving direct marketing from us.
If we collect personal information about you from a third party, we will only use that information for the purposes of direct marketing if you have consented (or it is impracticable to obtain your consent), and we will provide a simple means by which you can easily request not to receive direct marketing communications from us. We will draw your attention to the fact you may make such a request in our direct marketing communications.
You have the right to request us not to use or disclose your personal information for the purposes of direct marketing, or for the purposes of facilitating direct marketing by other organisations. We must give effect to the request within a reasonable period of time. You may also request that we provide you with the source of their information. If such a request is made, we must notify you of the source of the information free of charge within a reasonable period of time.
- How can I access (and, if necessary, correct) personal information that Pay.com.au collects and holds about me?
You may gain access to the personal information that we hold about you, subject to the exceptions set out in the Privacy Act 1988 (Cth).
If you want to access or review (and, if necessary, correct) personal information that Pay.com.au may have collected and holds about you, please contact our Privacy Officer.
We will respond to your requests to access and to correct your personal information as soon as possible (but in any case within a reasonable period). If we refuse to provide the information, we will provide reasons for the refusal.
Contact our Privacy Officer at email@example.com if you have any concerns about privacy issues, including in relation to how Pay.com.au is dealing with your personal information or how it is being held.
- How can I complain about Pay.com.au if it breaches any applicable privacy principles or any registered code that binds it?
Contact our Privacy Officer if you have any complaints about breaches by Pay.com.au of any applicable privacy principles or of any registered code that binds it.
We will treat any complaint about a breach of privacy legislation or any relevant registered code seriously and will investigate any breach of which we become aware – including how it occurred and how best to prevent such a breach occurring again.
If you are not satisfied with our response to your complaint, you can also refer your complaint to the Office of the Australian Information Commissioner by:
- telephoning – 1300 363 992
- writing – Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001
- emailing – firstname.lastname@example.org.
- What steps does Pay.com.au take to secure personal information?
We take all reasonable steps to ensure that your personal information is treated securely and in accordance with this Policy and is not subject to misuse, interference or loss, or unauthorised access, modification or disclosure. For example, apart from using secure servers (with application-level security and restricted logins), we implement firewalls. Where relevant, we also impose limits on who can access personal information.
Please note, however, that the transmission of information (including over the Internet) is never completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information – particularly while it is being transmitted to us – so any transmission is at your own risk and we cannot accept responsibility for misuse or loss of, or unauthorised access to, your personal information where the security of information is not within our control.
If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.
If we have given you (or where you have chosen) a password which enables you to access our services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. A secure password must be chosen, and it must be different to passwords you use to access other sites.
- Does Pay.com.au disclose personal information other people or organisations?
We may disclose personal information to:
- an agent, contractor or service provider we engage to carry out our functions and activities, such as lawyers, accountants or other advisors
- organisations involved in managing payments, including payment merchants and other financial institutions such as banks
- third parties involved in running and delivering loyalty programs, including airlines, travel agents and card issuers
- regulatory bodies, government agencies, law enforcement bodies and courts
- financial product issuers and credit providers
- anyone else to whom you authorise us to disclose it or is required by law.
- Do we send personal information overseas?
Pay.com.au holds personal information securely on servers operated by our suppliers which may be located overseas in some cases. These suppliers may be located in Australia.
We may also disclose personal information to other third parties that are located overseas in order to provide you with our services – for example to airlines. We will only do this when it is necessary to provide our services.
We will not send personal information to recipients outside Australia unless:
- we have taken reasonable steps to ensure that the recipient does not breach the Privacy Act 1988 (Cth), including the Australian Privacy Principles
- the recipient is subject to an information privacy scheme similar to the Privacy Act
- you have consented to the disclosure.
If you consent to your personal information being disclosed to an overseas recipient, and the recipient breaches the Australian Privacy Principles, we will not be accountable for that breach under the Privacy Act, and you will not be able to seek redress under the Privacy Act.
- Opting Out
If you wish to opt out of receiving any marketing material please select opt out on the communications. Note that our system generated messages will continue to be sent as part of our provision of service.