3. Information we collect
We collect and hold your information directly from you and from different sources to provide you with money transfer and foreign exchange services (services).
The types of Personal Information we collect may include but is not limited to an individual’s name, residential address, contact number, date of birth, gender, identification document(s), occupation, relationship between sender and receiver, receiver information, income and financial information provided to assist with our obligations under the AML/CTF Act.
We do not store your payment details that you input when using our online platform. However, we may need to collect and hold your bank statement and/or payment slip for the purpose of approving your payments to us.
By using our services, you agree to the collection, transfer and storage of this information on our system database and storage devices, and to service providers and Affiliates to fulfil the transaction.
We may collect and update information through these means:
- When you wish to use our services when you visit one of our branches or Affiliates and provide information in person;
- When you submit information online to us or our Affiliates;
- Through other means of communication such as mail, over the phone, via email, and via SMS;
- From a third-party source to verify any information you provide in order to carry out a transaction.
If someone other than you provides us with personal information about you, that we did not ask for and we determine that we could have collected this information from you had we asked for it, we will notify you, as soon as practicable. This notice will be given unless doing so would be in breach of an obligation of confidence. If we determine we could not have collected the information from you, we will take reasonably-practicable steps to de-identify or destroy the information if it is lawful and reasonably practical to do so.
We will only collect personal information that is reasonably necessary for or directly related to, one or more of our functions. If we are unable to collect the required personal information, we may not be able to do business with you or the organisation in which you are authorised to act for.
4. Privacy Disclosure and Consent
We will use your personal information to provide you with our services and to meet our regulatory requirements including Anti-Money Laundering/Counter Terrorism Funding (AML/CTF) obligations. We may use any email address, other personal information or contact information you provide to us at any time for this purpose.
We may also use your information for the marketing communication with your consent (Refer to clause 6 – Direct Marketing).
You agree and acknowledge that even if you opt out of receiving marketing material, we can still contact you relating to the services we have provided you.
We reserve the right not to disclose information to you, other than the personal and sensitive information that you are entitled to access that we hold on or about you.
4.1 Disclosure to other organisations in order to provide our services
We may disclose your personal information to our service providers and Affiliates. This disclosure may be to entities within Australia and overseas. These include organisations to that help us comply with our regulatory obligations (e.g. verify your identity, screen your name against watch lists and provide advice or compliance and auditing services) and a corresponding local or international party service provider that we partner with to fulfil your transfer instructions.
4.2 Disclosure to the Australian Transaction Reports and Analysis Centre (AUSTRAC) and other government agencies:
Under the AML/CTF Act, we are required to disclose information to AUSTRAC. From time to time other government agencies may request information which we are obliged to provide.
4.3 Disclosure to you or your Attorney
Our privacy disclosure and consent process is as follows. The customer or a person authorised under a valid Power of Attorney of the customer has personal information disclosed to them only once they have been properly identified and verified with approved identification and documentation. Information may be given to a customer’s Power of Attorney when they have been identified as such with an original or a certified copy of appropriate documentation. We reserve the right not to disclose any information until we are satisfied with the identity of the customer or the Attorney of the customer.
4.4 Disclosure to your authorised person
We may allow your information to be disclosed to an authorised person. For this to happen, we would need a written authorisation from you. The customer and the authorised person must first be properly identified and verified with approved identification documentation. In addition to this, we would need confirmation in person that this disclosure is allowed. We reserve the right not to disclose any information until we are satisfied with the identity of the authorised person and the customer.
4.5 Security Incident regarding privacy risks
In the event of a security incident involving unauthorised access, use or disclosure of personal information where we may need to share personal information with a third party (such as a forensic specialist), we will seek to work cooperatively with them to protect the personal information. We may disclose further information for the purpose of investigating a security incident.
5. Confidentiality and Security
We will use all reasonable endeavours to keep your personal information in a secure environment and to ensure that records of customer information are protected from unauthorised access. However, this security cannot be guaranteed. We implement industry-accepted standards in protecting your information provided to us in person or on our websites. Additionally, we adopt Secure Socket Layer (SSL) encryption technology to protect your sensitive information transmitted on our websites. Your information is securely stored on our transaction process platform backed up to the cloud via Amazon Web Services. We also require a username and password and/or a customer verification from each user who wants to access his or her information.
We maintain physical, electronic and procedural safeguards that comply with applicable government regulations to protect your personal information. We use up-to-date technology and procedures to ensure customer data is protected from unauthorised access, misuse, and/or loss.
Notwithstanding the reasonable steps taken to keep information secure, breaches may occur. In the event of a security incident, we have put in place procedures to promptly investigate the incident and determine if there has been a data breach involving personal information and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with Privacy Act requirements.
Our organisation, our employees and Affiliates are the only people allowed to have access to customer information and, within the organisation, only those employees who need to access this information as part of their job will be able to do so.
If we no longer need your personal information, unless we are required under Australian law to retain it, we will take reasonable steps to destroy or de-identify your personal information.
6. Direct Marketing
We will use your personal information primarily for providing you with our services, and also for direct marketing purposes. This includes but is not limited to sending you information about new developments, new services and special offers.
You can, at any time, opt out of receiving marketing material by contacting us (Refer to clause 11). You agree and acknowledge that even if you opt out of receiving marketing material, we can still contact you relating to the services we have provided you. Once you request to opt out from receiving our marketing material this removal from our distribution lists may take several business days after the date of your request to take effect.
7. Accuracy of Information
We take all reasonable steps to ensure that your personal information held by us is accurate, up-to-date, complete, relevant and not misleading. If you believe that any of your personal information is not accurate, up-to-date, complete, relevant or is misleading, please contact us (Refer to clause 11) and we will take all reasonable steps to correct it within a reasonable time.
You may request details of information we hold and request us to correct or erase any erroneous or out-of-date Information by using the contact methods listed at the end of this statement. We reserve the right not to disclose information to you, other than the personal and sensitive information that you are entitled to access that we hold on or about you as long as it is lawful to do so. To protect your
8. Your Consent
If you believe your privacy may have been interfered with by us, you have the right to make a complaint about the matter by contacting our Privacy Officer at the contact details below. We will investigate the complaint, respond to you promptly and attempt to resolve it.
If we receive a request in writing from you seeking resolution of a dispute concerning our services, we will respond to you in writing within 30 days of receipt of the request.
If you are dissatisfied with our handling of the complaint, or the outcome, you may take your complaint to the Office of the Australian Information Commissioner (OAIC). Further information is available by phoning: 1300 363 992 or at: http://www.oaic.gov.au/about-us/contact-us-page
11. Access to Information We Hold About You
If you request access to the personal information or records we hold about you, we will respond to your request within a reasonable period of time.
We will give access to information after identification and verification through approved identification documentation, in a manner you request, where possible. This will be subject to any exemptions allowed under the Privacy Act.
We will charge you a reasonable administration fee for providing that information.
You may request this information or make for any complaints to E&A by one of the following:
- in person at one of our branches
- online at http://hhmt.com.au/contact-us/
- email firstname.lastname@example.org
- telephone +61 (2) 9728 7928
- by post to: The Privacy Officer, Eastern & Allied Pty Ltd, 56 John Street, Cabramatta, NSW 2166, Australia