The Privacy Act, Australian Privacy Principles and Credit Reporting
Gap Solutions Pty Ltd ACN 057 892 538 (“Gap Solutions”, “we”, “us”) values the privacy of personal information and is committed to providing a high level of privacy to our customers in relation to the personal information and credit related personal information collected from them.
We are bound by the Australian Privacy Principles (“APPs”) under the Privacy Act 1988 (Cth) (the “Act”) and certain aspects of the credit reporting provisions under Part IIIA of the Act and the Credit Reporting Privacy Code (“CR Code”). The APPs, credit reporting provisions and CR Code set standards to be met in the collection, use, disclosure and handling of personal information and credit related personal information.
PART 1- DEALING WITH PERSONAL INFORMATION
Personal information we collect
Gap Solutions may collect and/or hold the following personal information (not including sensitive information):
- contact information such as name, address, email address, telephone numbers, fax numbers and date of birth;
- financial details, including bank account details and credit card details;
- business details;
- trade references;
- financial and business data;
- wireless log on details;
- eftpos pinpad details; and
- remote login passwords.
Why we collect personal information
Gap Solutions collects, holds and uses personal information to enable us to:
- market or promote our services directly to individuals;
- process payments;
- assess an applicant’s eligibility for credit;
- resolve a complaint;
- provide further information about a product or service;
- develop and identify products and services that may interest clients;
- provide support services in relation to products and services;
- provide credit;
- administer our products and services; and
- for other purposes related to any of the above.
If you would like more information about the services and products that we offer, please contact us via the details provided on our website.
Your personal information will only be collected, held, used and/or disclosed for the primary purposes of collection. If the information is not provided, we may not be able to provide the services or products requested. We may use personal information for a secondary purpose only if permitted by the APPs.
How we collect and hold personal information
We generally collect personal information directly from you, through credit application forms completed by you.
Alternatively, we may collect personal information through ongoing business dealings with you.
We hold all personal information in hard copy documents and/or in electronic format.
Disclosure of personal information
We have a duty to maintain the confidentiality of your affairs. This includes keeping your personal information confidential. Our duty of confidentiality applies except where we have consent to disclose personal information, the disclosure is permitted under the APPs or is compelled by law.
We disclose personal information to necessary third parties, who assist us to provide, manage and administer our services and products. These third parties include (but are not limited to):
- suppliers – for the purpose of facilitating the supply of goods and services, licensing software and to provide support to the end user of the product; and
- advertising companies – for the purposes of promoting our products and services.
We may disclose personal information to overseas parties in Canada for the purpose of providing services and support.
Security of personal information
We endeavour to protect any personal information that we hold from misuse, loss, unauthorised access, modification and disclosure.
We aim to achieve this through:
- imposing confidentiality requirements on our employees;
- implementing policies in relation to document storage security;
- implementing security measures to govern access to our systems;
- controlling access to our premises; and
- implementing website protection measures.
Access to information and seeking correction
We take reasonable steps to ensure that all personal information is accurate, complete and up-to-date.
We will, on request, provide you with access to your personal information or update or correct your personal information, unless the APPs provide an exception to us granting your request.
Your request for access to your personal information or to update or correct your personal information will be dealt with by the Privacy Officer as soon as reasonably practicable. If we deny your request, we will provide you with a written notice detailing reasons for the refusal and the process for making a complaint about the refusal to grant your request.
We may deny you access to your personal information if:
- access would pose a serious threat to the life or health of any individual or the public;
- access would have an unreasonable impact on the privacy of other individuals;
- the request for access is considered “frivolous” or “vexatious”;
- the information relates to a commercially sensitive decision making process;
- access would be unlawful or denying access is required or authorised by law or a court order;
- we have reason to suspect that unlawful activity or serious misconduct is being, or has been, engaged in with regard to our business functions or activities and the granting of access would prejudice our ability to take appropriate action;
- access would prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security function, or negotiations with the individual;
- the information relates to negotiations or legal proceedings that are in place, or anticipated, between you and Gap Solutions; or
- access would be likely to prejudice enforcement related activities conducted by an enforcement body.
Gap Solutions will take appropriate steps to verify your identity (or verify that you act as a legal guardian or authorised agent of the individual concerned) before granting a request to access your personal information. For example, you may be required to provide us with information which we can use to compare against the records held by us.
Where your request for access is accepted, we will provide you with access to your personal information in a manner as requested by you, providing it is reasonable and practicable to do so.
Upon accepting a request for correction of your personal information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your personal information is held, to correct your personal information.
PART 2- DEALING WITH CREDIT RELATED PERSONAL INFORMATION
Collection of Credit Related Personal Information
Gap Solutions may collect, use, hold and disclose the following types of credit related personal information:
- identification information – name, date of birth, current or previous address, driver’s licence number;
- type and amount of credit sought;
- publicly available information about an individual’s creditworthiness;
- payment history;
Credit related personal information is managed by Gap Solutions in accordance with the procedures set out in Part 1 of this Policy, unless provided otherwise in this Part 2.
Gap Solutions does not participate in the credit reporting system and does not receive credit reporting information from credit reporting bodies. As such, Gap Solutions does not derive any personal information from credit reporting information provided by a credit reporting body.
Means of collection of credit related personal information
In addition to the methods above, Gap Solutions may collect credit related personal information from other credit providers, such as trade references, subject to any restrictions in the Act.
Request for Access or Correction
A request for access to your credit eligibility information or for the correction of your credit information or credit eligibility information can be made following the procedures set out above.
We will respond to your request for access to credit eligibility information within a reasonable time after you make the request and, if access is granted, access will be provided within 30 days from your request. Your request for correction will be dealt with within 30 days, or such longer period as agreed by you.
If we deny your request for access or correction, we will provide you with a written notice detailing reasons for the refusal and the process for making a complaint about the refusal to grant your request.
Request for access
We will accept your request for access unless:
- giving access would be unlawful;
- we are required or authorised by law or a court/tribunal order to deny access; or
- giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body.
Where your request for access is accepted, we will provide you with access to your credit eligibility information in a manner as requested by you, providing it is reasonable to do so.
Request for correction
We will accept your request for correction where we are satisfied that your credit eligibility information or credit information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
If your request for correction of credit related personal information is accepted, we will provide written notice of this correction to any entity to which we have disclosed this information previously, to the extent that this is practicable.
PART 3- GENERAL
Dealing with us anonymously
Where lawful and practicable to do so, you can deal with us anonymously or using a pseudonym. The circumstances in which you can deal with us anonymously or using a pseudonym include:
- making a general enquiry about the services that we can offer to you;
You may request at the start of any telephone call with us, in relation to a general enquiry, to remain anonymous (or you may use a pseudonym).
A complaint in relation to a request made by you to access your credit eligibility information or correct your credit information should be directed to the Commissioner.
Upon receiving a complaint relating to credit related personal information, the Privacy Officer will, within 7 days from receiving the complaint, provide you with a written notice acknowledging the receipt of your complaint and setting out how the complaint will be dealt with.
Upon receiving such a complaint, the issue will be investigated by our Privacy Officer. In the case of credit related personal information, the Privacy Officer will consult with any other credit reporting body or credit provider about your complaint that it deems is necessary.
The Privacy Officer will respond to your complaint as soon as reasonably possible, but not more than 30 days after receiving the complaint.
If you are unsatisfied with the outcome of your complaint, you may ask the Privacy Officer to be referred to a higher authority within the company, such as the Director. If you still remain unsatisfied with the outcome, you may refer your complaint to the Office of the Australian Information Commissioner to be resolved.
If you wish to:
- gain access to or correct your personal information;
- make a complaint about a breach of your privacy;
- contact us with a query about how your personal information is collected or used; or
you can speak directly with our staff who will do their best to try to resolve your issue as simply as possible. Alternatively, you can write to us or send us an email so that our Privacy Officer can consider the matter. We will respond to you as soon as reasonably possible.
Our contact details are as follows:
Phone: 08 8408 8150
Privacy Officer contact: firstname.lastname@example.org
Postal address: 26 Woodlands Tce, Edwardstown, SA 5039
For more information on privacy, see the Office of the Australian Information Commissioner’s website at: http://www.oaic.gov.au.
This Policy was last updated on 21st June 2017.