This policy sets out the personal information handling practices of PayMe Australia Pty Ltd and any subsidiary companies managed by PayMe Australia. The policy demonstrates how we comply with our obligations under the Privacy Act 1988 (Privacy Act) and manage your personal information in accordance with the Australian Privacy Principles (APPs). The APPs regulate how we may collect, use, disclose and store your personal information, and how you may access and correct the personal information that we hold about you.We will only collect information that is reasonably necessary for the proper performance of our activities or functions. We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it. We do not collect or use personal information for the purposes of unlawful discrimination. We may decline to collect unsolicited personal information from or about you and may take such measures as we think appropriate to purge it from our systems.By following the links in this document, you will be able to find out how we manage your personal information as an APP Entity under the APPs.
PayMe manages personal information, as an APP Entity, under the APPs and must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity’s functions or activities that:
- will ensure that the entity complies with the APPs; and
- will enable the entity to deal with inquiries or complaints from individuals about the entity’s compliance with the Australian Privacy Principles or such a code
Open and Transparent management of Personal Information
Anonymity and pseudonymity
When making a general enquiry as an individual, you do not have to identify yourself where reasonable to do so. We can provide general information to you without requesting any personal information.
Collection of Solicited Personal Information
When collecting personal information;
- we check that it is reasonably necessary for our functions or activities as a provider of novated car leasing, salary packaging and payroll services;
- we check that the information is current, complete and accurate. This will sometimes mean that we have to cross check the information that we collect from you with third parties;
- we record and hold your information in our Information Record System. No information may be disclosed to overseas recipients without your consent;
- we retrieve your information when we need to use or disclose it for our functions and activities. At that time, we check that it is current, complete, accurate and relevant. This will sometimes mean that we have to cross check the information that we collect from you with third parties once again – especially if some time has passed since we last checked.
Kinds of personal information that we collect and hold
In performing our functions and activities of novated car leasing, salary sacrificing and payroll services, we may collect and hold the following kinds of personal information about you:
- name, address and contact details, date of birth, recruitment company, recruiters name, bank account details;
- living away from home allowance information, including rental accommodation leases or rates notices;
- tax file declaration and superannuation choices form;
- asset and liabilities, payslips, payment summaries and visa information;
- employer information and contact details;
- drivers license, deed of novation and car insurance policy, privacy consent form; and
- information about incidents in the workplace.
Sensitive information is only collected with consent and where it is necessary for the performance of our functions and activities. Sensitive information will need to be collected where it relates to a genuine requirement. Our collection of some types of sensitive information is also governed by equal opportunity and anti-discrimination laws.
How we collect and hold personal information
We made collect personal information about you directly from you as well as indirectly from third parties.In performing our functions and activities, we may collect your personal information using a variety of methods including:
- paper based and electronic secured forms;
- in person and over the phone; and
- email correspondence.
We collect and store your personal information securely on our secure internal information systems. When we no longer are required to hold your personal information it is destroyed by purging from our information systems and destroyed in accordance with our policy.We do not destroy or de-identify information that is contained in a Commonwealth Record
Use or Disclosure
We only use or disclose your personal information for the purposes for which it was given to us in relation to our functions or activities which we are undertaking for you.We do not disclose your personal information and are unlikely to disclose your personal information to overseas recipients. Instances whereby we may disclose your personal information include:
- you have consented to the release of the information through a signed consent form;
- you would reasonably expect, or have been told that we usually disclose information of this kind; or
- the disclosure is otherwise required or authorised by law.
Photos & Images
We will not request that you supply photographs, scan photo ID, or capture and retain video image data of you in cases where simply sighting photographs or proof of identity documents would be sufficient in the circumstances.At times video surveillance which operates in or near our premises may capture images of you.
This section explains how we handle personal information collected from our website and by other technology in the course of electronic transactions.It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information. It might help you to look at the OAIC’s resource on Internet Communications and other TechnologiesIt is important that you:
- be careful what information you share on the Web;
- make sure your anti-virus and data protection software is up-to-date.
Please contact us by land line phone or mail if you have concerns about making contact via the Internet. Sometimes, we collect personal information that individuals choose to give us via online forms or by email, for example when individuals:
- ask to be on an email list to receive our blogs;
- register as a site user to access facilities on our site;
- make a written online enquiry or email us through our website;
- submit a join on-line form or a quote for a car lease by email or through our website;
Related Purpose Disclosures
We outsource a number of services to contracted service suppliers (CSPs) from time to time. Our CSPs may see some of your personal information. Typically our CSPs would include:
- Software solutions providers;
- I.T. contractors and database designers and Internet service suppliers;
- Legal and other professional advisors;
- Insurance brokers, loss assessors and underwriters; and
- Superannuation fund managers.
If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us.We will take such steps as reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.You should also anticipate that it may take a little time to process your application for correction as there may be a need to retrieve information from storage and review information in order to determine what information may be corrected. We will generally respond to your request for access within two working days.There is no charge to correct information.In some cases we may not agree that the information should be changed.If we refuse to correct your personal information as requested by you, we will give you a written notice that sets out:
- the reasons for the refusal except to the extent that it would be unreasonable to do so; and
- the mechanisms available to complain about the refusal.
You may also ask us to associate a statement that the information is contested as being inaccurate, out of date, incomplete, irrelevant or misleading and we will take such steps as are reasonable to do so.
Notifiable Data Breaches Scheme;
PayMe takes the security of your data to be our paramount responsibility. This includes protecting personal information from misuse, interference and loss, and from unauthorized access, modification or disclosure. In the event we experience or suspect any form of data breach we will take immediate remedial action to contain and limit any further access or distribution of the breach. PayMe will immediately implement the Data Breach response action plan https://www.oaic.gov.au/resources/privacy-law/privacy-act/notifiable-data-breaches-scheme/flowchart.pdf and the Privacy team will notify affected individuals or entity (s) at risk of serious harm, depending on what is “practicable” and in accordance with the Notifiable Data Breaches (NDB) Scheme (s) that a breach has occurred.
Ensuring that the notification to the Office of the Australian Information Commissioner is completed.
To whom is the data passed and how do we protect it along the way;
PayMe is an Australian company and does not send or process any data outside of Australia. PayMe does not outsource any of its functions to any countries outside of Australia including the European Union(EU) or outside of the EU.
How to contact us;
For more information visit www.payme.com.au Or call us on 1800 082 006
PayMe Australia – Head Office Ground Floor Suite 6 – 18 Napier Close Deakin ACT 2600
PayMe Australia Pty Ltd PO Box 244 Deakin ACT 2601
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy.
How to make a complaint
If you are making a complaint about our handling of your personal information, it should first be made to us in writing.You can make complaints about our handling of your personal information to our Privacy Co-ordinator, whose contact details are Maria Lindgren, PO Box 244 Deakin ACT 2600, Phone 1800 082 006, email: firstname.lastname@example.orgYou can also make complaints to the Office of the Australian Information CommissionerHow your complaint will be handledWhen we receive your complaint:
- We will take steps to confirm the authenticity of the complaint and the contact details provided to us to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint;
- Upon confirmation we will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy.
- We may ask for clarification of certain aspects of the complaint and for further detail;
- We will consider the complaint and may make inquiries of people who can assist us to established what has happened and why;
- We will require a reasonable time (usually 30 days) to respond;
- If the complaint can be resolved by procedures for access and correction we will suggest these to you as possible solutions;
If we believe that your complaint may be capable of some other solution we will suggest that solution to you, on a confidential and without prejudice basis in our response;If the complaint cannot be resolved by means that we propose in our response we will suggest that you take your complaint to any recognised external dispute resolution scheme or the Credit Ombudsman Service of which we are a member #M0020165 or to the Office of the Australian Information Commissioner.