The regulations that protect your ‘personal information’
If you are in Australia or are a resident of Australia when you give us your ‘personal information’, your ‘personal information’ is protected under the Australian Privacy Act (including the Australian Privacy Principles (APPs)) and any applicable APP Code.
If you are a resident of the European Economic Area (EEA) when you give us your ‘personal information’ we will protect it in accordance with the General Data Protection Regulation (GDPR). We will also comply with the GDPR if we process your ‘personal information’ in the EEA. For GDPR purposes, we are the ‘controller’ of your information.
The kind of ‘personal information’ that we collect
In this document, if we use the words ‘personal information’, we mean ‘personal information’ (including ‘credit information’ and ‘sensitive information’) under Australian law as well as ‘personal data’ and other information under the GDPR. The kinds of ‘personal information’ that we collect may include your name, date of birth, address, telephone number, email address, and employment history.
Generally, we do not collect ‘sensitive information’ about you. We will only collect sensitive information about you with express your consent.
Why do we collect your ‘personal information’?
We collect ‘personal information’ about you so that we can provide you with our products and services. This includes:
· providing you with access to our website;
· providing you with relevant information about Thrive;
· answering your questions; and
· dealing with any complaints or concerns you may have; and
· providing you with our products and services.
We also collect your ‘personal information’ so that we can contact you and provide you with information about products and services that may be of interest to you.
Who can give us ‘personal information’ about you?
Where reasonable and practical we will only collect your ‘personal information’ directly from you. However, we may also collect information about you from third parties, such as a partner or spouse who contacts us on your behalf, from our contractors who supply services to us, from advisers such as accountants or lawyers or from other organisations authorised by you.
We may also collect ‘credit information’ about you from credit-reporting bodies when authorised by you to do so.
If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that we can collect, use and disclose that information asset out in this document without having to take any further steps required under law (such as obtain that person’s consent). This means that if you provide us with ‘personal information about someone else’, you must make sure that the individual concerned understands the matters set out in this Policy and has provided their consent to be bound by this document.
How do we collect your ‘personal information’?
We collect your ‘personal information’ in many ways. These can include:
· when you contact us by telephone, email or via our website;
· when you create or update a user profile that includes personal information such as your name and contact details;
· when you apply for one of our products or services; or
· when you apply for employment with us.
When you access our website, we may collect ‘personal information’ about you using ‘cookies’. ‘Cookies’ are files that are implanted in your hard drive or device to collect, store and receive identifiers and information about your usage of our website as well as information about where you are located at the time you access our website (using GPS, Bluetooth, or WiFi signals, depending on the permissions that you have granted). By using ‘cookies’ we are able to enhance and personalise our website to better suit your needs.
How do we use your ‘personal information’?
We will only use your ‘personal information’ for the purpose for which it has been provided, for reasonably related secondary purposes, any other purpose you have consented to and any other purpose permitted under the Privacy Act.
The ways that we use your ‘personal information’ may include:
· to improve and personalise our website for you;
· to develop new features, products and services;
· to notify you about new features and products;
· to provide you with information about our products and services;
· to conduct research for our own internal purposes; and
· to handle any complaints that you may have.
We may also aggregate the ‘personal information’ that we collect for reporting and statistical purposes and to help us improve our website and keep and/or provide to third parties. If we disclose any aggregated information to a third party, the information will be de-identified and will not contain any personally identifiable information. You agree that we may use your ‘personal information’ for any of these purposes.
To whom can we disclose your ‘personal information’?
We may disclose your ‘personal information’ to:
· if we provide any credit services in the future, participants in the payments system and other financial institutions for the purpose of resolving disputes, errors or other matters arising from our products and services;
· organisations that provide products or services used or marketed by us, including, credit providers, funders, lenders, valuers, trustee companies, financial institutions and securitisers, mortgage insurers, title insurers, surveyors, credit reporting agencies, rating agencies and debt collectors;
· companies and contractors who we retain to provide services for us, such as IT contractors, ‘software as a service providers’ (such as email engines and contract management service providers), data aggregation and data analytics platform providers, call centres, stationery printing houses, mail houses, storage facilities, lawyers, accountants and auditors;
· and other individuals or companies authorised by you.
You consent to us disclosing your information to such entities (and allowing such entities to use your personal information to provide their services) without obtaining your consent on a case by case basis.
Sometimes we are required or authorised by law to disclose your ‘personal information’. For example, we may disclose your ‘personal information’ to a Court, Tribunal or law enforcement agency in response to a request or subpoena or to the Australian Taxation Office.
Sending your ‘personal information’ offshore
We use several outsourced service providers that are ordinarily part of providing our services to you. Some of these third-party suppliers such as the marketing automation, email marketing and customer service platforms we use are located in countries outside of Australia or the EU. Some of the services provided by our third-party suppliers may also be located in the cloud.
We only use highly reputable third-party suppliers and we take all reasonable steps to ensure that our suppliers abide by the high standards that protect ‘personal information’ disclosed to us in Australia and the EU. Our contracts with these third parties generally include an obligation for them to comply with Australian privacy law and with this Policy and generally, we will maintain control of any data that is released to these third-party service providers. This means that even though we may send your ‘personal information’ to a third-party provider, that provider cannot see your ‘personal information’ and cannot use your ‘personal information’ for their own purposes. Not all countries have the same high standards for the protection of your ‘personal information’ as Australia and the EU and by using our website or by asking us to provide you with one of our products or services, you specifically consent to us sending your data out of Australia and the EU to countries located in the Americas, Asia or Europe and to the cloud.
Will we use your ‘personal information’ to send you information about our products and services’?
We may use your ‘personal information’ to send you information about our products, services and special offers, new products or services we are introducing or about changes to our organisation. By providing us with your ’personal information’, you consent to us using your ‘personal information’ to contact you on an ongoing basis for this purpose, including by SMS, social media, email, telephone or mail. If you do not want us to send you marketing information, you can contact our customer support team on the details in this Policy to ‘opt out’ of receiving this type of information. There is no charge if you elect to ‘opt out’ of receiving these types of updates and we will take all reasonable steps to ensure that you stop receiving them as soon as possible.
How can you access and correct the ‘personal information’ that we hold about you?
We want to ensure that your ‘personal information’ is always accurate, complete and up to date. Please help us to do this by contacting our customer support on the details set out in this Policy if any of the personal details you have given us have changed or if you believe that the ‘personal information’ that we hold about you is inaccurate.
You can ask us to provide you with access to the ‘personal information’ that we hold about you at any time. We will get back to you as soon as possible, however, for your protection, we will need to verify your identity before we give you access to your ‘personal information’.
There are situations where we cannot give you to access to your ‘personal information’ or may refuse to correct your ‘personal information’. For example, in some situations it may be unlawful for us to do so. We will advise you of any such situations if they arise.
If you reside in the EEU you also have additional rights to access and correct your ‘personal information’.
What additional access rights apply if you give us ‘personal information’ in the EEU?
If you reside in the EEA, you may have additional rights to request us to correct, amend, delete, or limit the use of your ‘personal information’ and you can contact us about any of the following additional rights:
· your right to request that we delete the ‘personal information’ we hold about you;
· your right to object to our processing of the ‘personal information’ we hold about you;
· your right to request that we restrict the processing of ‘personal information’ we hold about you;
· your right to have us transfer, where technically feasible, the ‘personal information’ we hold about you to another controller; and
· your right to withdraw consent to allow us to process ‘personal information’ we hold about you (unless we have compelling and legitimate grounds for continuing processing).
We will use our best endeavours to comply with your request where we have no need to keep your personal information, however, any action which we take is subject to our obligations under Australian law.
If you have any questions about these rights, or you would like to exercise any of them, please contact us on the customer support details in this Policy.
For your protection, we may need to verify your identity before we give you access to your ‘personal information’.
For how long will we hold your ‘personal information’?
We will only keep ‘personal information ’that we hold about you while we need it or while we are required by law to keep it. Once we no longer need your ‘personal information’, we will take all reasonable steps to destroy it or to de-identify it.
At any time we hold your ‘personal information’, we will only use and disclose as set out in this Policy.
Is the ‘personal information’ that we hold about you secure?
While we hold ‘personal information’, about you, we will take all reasonable precautions to protect it from misuse, interference, loss, unauthorised access, modification or disclosure.
However, although we endeavour to provide a secure online environment, there are inherent risks associated with the transmission of information via the internet and no data transmission over the internet can be guaranteed to be completely secure. We therefore cannot guarantee the security of any ‘personal information’ that you provide to us over the internet and you do so at your own risk.
We encourage you to help us to keep your ‘personal information’ secure by selecting a secure password and maintaining the confidentiality of that password. It is your responsibility to maintain confidentiality of your password and we will not be liable for any damage, loss or expense suffered because you have disclosed it or made it available to someone else.
What happens if you click on a link to a third party’s website that is contained in our website?
Our website may contain links to third party websites and social media features that are hosted by a third-party. A link to another website does not mean that we sponsor, endorse or approve the information found on that website. We are not responsible for the privacy policies or practices of third-party websites or social media features and you use of those websites and features are governed by the privacy policies and practices of the hosting entities.
Can you get a copy of this Policy in a different format?
If you would prefer to receive a copy of this Policy (including Section 9 about ‘Notifiable Matters’) in a different form (for example in hard copy or via email) please contact our Privacy Officer on the details in section 17 of this Policy. We will be pleased to comply with your request.
Contact customer support
If you have any questions or complaints about this Policy or our treatment of your ‘personal information’, or if you would like to access or correct your ‘personal information’, please contact the Thrive Privacy Officer with an email setting out your query or complaint to:
· Email: email@example.com
We will try to provide an initial response to your query or complaint within 48 hours; and resolve your query or complaint within 10 business days. If you are still not satisfied, you can contact the Australian Privacy Commissioner (see http://www.oaic.gov.au/about-us/contact-us-page or call 1300 363 992).