Privacy Policy

Version 2.5a
May 2018

PART 1 – PERSONAL AND CREDIT INFORMATION PRIVACY POLICY

Document Purpose

The purpose of this Privacy Policy is to provide a summary of how, why and when personal information and credit related personal information (credit information) is collected, disclosed, used, stored and otherwise handled by Tyro Payments Limited (Tyro). The Policy relates to personal information and credit information collected by any means and by any technology. Tyro treats the handling of personal and credit information very seriously. To that end, Tyro has systems and procedures in place to protect privacy in relation to the handling of personal and credit information. Tyro abides by the Australian Privacy Principles and the European Union General Data Protection Regulation (GDPR) (where applicable) and its objective is to handle information responsibly. This Privacy Policy does not apply to employee records (being records relating to a current or former employment relationship between Tyro and the individual).

Collection of Personal Information

Tyro collects and holds information about you and your interactions with Tyro including when you apply for, enquire about or use Tyro’s products or services, participate in any of Tyro’s promotional activities, contact Tyro by any means or visit Tyro’s website.

When you use the Tyro App or visit our website, we may use cookies, pixel tags or similar technology to enable us to collect, through a third party service provider, data about how you use Tyro’s website and the Tyro App. This data may include personal information. For example, the types of information we may collect include which pages you visit, the time and date of your visit, the internet protocol address assigned to your computer, location information, information about the type of device and operating system you use, user name, name and email addresses. This information will be considered personal information where we can link this information to your account. We use this information to help us to improve our website, the Tyro App and our services generally. We may also use this information to provide you with in-app or push notifications. For example, we may send you notifications within the Tyro App or while you are on the Tyro website to assist you where you have had trouble with a particular item in the App or for marketing purposes.

You may opt-out of having the data collected through your browser while on Tyro’s App or website automatically retained by visiting https://mixpanel.com/optout. If you get a new computer, install a new browser, erase or otherwise alter your browser’s cookie file (including upgrading certain browsers) this may clear the opt-out cookie.

We will handle any personal information collected by cookies, pixel tags or similar technology in the same way that we handle all other personal information as described in this Privacy Policy.

Tyro collects and holds information about your identity, contact details, identification information such as directorships, passport number, Australian citizenship certificate number, your gender and relationships with other people, tax residency status, your transaction information for any Tyro products you hold and other financial information which you provide to us or authorise us to access from third parties.

Collection of Credit Information

Tyro may collect, use, hold and disclose the following types of credit information:

  • Credit related identification information is information such as name, date of birth, current or previous address, name of current employer, drivers licence number, internet Protocol (IP) addresses and unique device identifiers (UDIDs).
  • Other credit related information is information such as type and amount of credit sought, publicly available information about an individual’s creditworthiness, default information, repayment history information, payment information in relation to overdue payments and personal insolvency information.

Tyro may undertake a credit check (or similar) through a credit reporting body in relation to an application made by you or to assess your eligibility for particular products and services. In this situation, Tyro may derive information about your eligibility to be provided with Tyro’s products and services from information about you contained in the credit check.

Purposes for collection

Tyro collects, holds, uses and discloses personal and credit information:

  • to establish your identity and assess applications for Tyro’s products and services;
  • to assess eligibility for any of Tyro’s products and services or particular features;
  • to conduct reference checks and background enquiries;
  • to design and price Tyro’s products and services;
  • to understand how you use Tyro’s products and to enhance your experience as well as to enhance Tyro’s features, products and services;
  • to conduct and enhance Tyro’s business;
  • to provide, administer and manage Tyro’s products and services including to provide all available features of our products and services, to process transactions, authenticate you when you access a Tyro product or service and provide customer support;
  • to identify and control or minimise risks to Tyro’s products and services;
  • to enable us to monitor suspicious or fraudulent activity in relation to Tyro’s products and services;
  • to manage Tyro’s relationship with you including contacting you in relation to Tyro’s products and services;
  • where required by law;
  • to enforce compliance with our terms and conditions;
  • to provide information to representatives and advisors, including lawyers and accountants, to help us comply with legal, accounting, or security requirements;
  • where we believe it is necessary to protect our legal rights, interests and the interests of others, including in connection with legal claims, compliance, regulatory and audit functions, prevention of fraud, ensuring data security;
  • to provide Tyro’s FinTechHub services;
  • to provide you with further information about services and products we think may interest you;
  • to resolve complaints;
  • for direct marketing, promotional and lead generation activities;
  • to manage our risks and identify illegal activity;
  • to provide support services;
  • for any other purpose consented to by you; and
  • for any other purpose related to any of the above purposes, as permitted under the Privacy Laws.

If you are an individual in the European Union (EU), we collect and process information about you only where we have a legal basis for doing so under the GDPR. The legal basis for processing your personal information will depend on the Tyro products or services you use and your relationship with Tyro (for example, whether you are a Tyro customer, you are a beneficial owner or controlling person of a Tyro customer or you receive products or services from a Tyro customer). We will only collect and use your personal information where one of the following legal bases apply:

  • it is required to provide you with the relevant Tyro products or services in accordance with our agreement with you;
  • it is necessary for the purposes of the legitimate interests of Tyro (which is not overridden by your data protection interests), including in connection with legal claims, compliance, regulatory and audit functions, prevention of fraud and ensuring data and system security;
  • you have given us consent to do so for a specific purpose; or
  • it is necessary for us to comply with our legal obligations.

If you are an individual in the EU and you have consented to our use of your personal information for a specific purpose, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place.

Means of Collection and Holding of Information

Tyro collects the personal and credit information voluntarily provided by you through our application forms, via our website, over the phone, through the Tyro App or from third parties who Tyro has a relationship with. Tyro may also collect credit information about you from credit reporting bodies or other credit providers, subject to any restrictions under the Privacy Laws.

Tyro may also collect information about you, including where you are not a customer of Tyro, but are associated to a customer or are a customer of a service provider of Tyro, from that customer, through fraud monitoring systems implemented by Tyro or from publicly available sources such as registers maintained by the Australian Securities and Investments Commission and ABN Lookup, social media or made available by third parties.

Generally, the personal information that Tyro may request from you is required to enable Tyro to enter into a contractual agreement with you, is a requirement under the terms of the contractual agreement with you or is required by Tyro to comply with its obligations under applicable laws, such as the Anti-Money Laundering and Terrorism-Financing Act 2006 (Cth). You are not obliged to provide the personal information we request, however if you do not provide the personal or credit information requested by Tyro, Tyro may not be able to provide you (or the customer with which you are associated) with the requested products or services.

Tyro holds personal and credit information in electronic and physical form in accordance with the ‘Security of Information’ section of this Policy.

Use and Disclosure of Information

Tyro will use and may disclose personal and credit information for any of the purposes set out above. People Tyro may disclose your information to for the above purposes include:

  • Tyro’s service providers, including service providers that assist us to operate, provide, improve, integrate, customize, support, monitor and market our products and services;
  • providers of software that integrates with Tyro’s products and services;
  • entities to whom Tyro outsources functions;
  • people acting on your behalf including guardians, agents, people holding a power of attorney and people you authorise us to share information with;
  • guarantors (where you have Tyro lending products);
  • other financial institutions;
  • employers or former employers;
  • any referees you nominate in connection with your application for Tyro products or services;
  • credit reporting bodies and credit providers;
  • Tyro’s representatives and advisors, including lawyers and accountants;
  • government or law enforcement entities.

Where you permit or enable a Tyro application, product or service to integrate with another application, product or service (or use a feature of Tyro’s products and services that requires such integration), Tyro will disclose your personal and financial information to the provider of the integrated service and collect your personal and financial information from the software provider (where relevant).

Where you become a Tyro customer, Tyro may disclose financial information relating to your Tyro EFTPOS Facility to third parties for the assessment of the third party’s credit risk where it is in the business of lending money to you or your business, the improvement of customer service and marketing purposes. It is the responsibility of the third party to comply with all applicable regulatory requirements in relation to the use of the relevant financial information.

Tyro may be required in some circumstances to disclose personal or credit information where:

  • required or authorised by law;
  • required in order to investigate an unlawful activity;
  • required by an enforcement body for investigative activities; or
  • necessary to prevent a serious threat to a person’s life, health or safety, or to public health or safety.

Tyro discloses personal information to overseas third parties located in the United States of America and Singapore for the purposes of marketing and lead generation activities and obtaining product analytics to allow it to improve its products and services In addition, personal information may need to be transferred to service providers located in other overseas countries from time to time in order for Tyro to perform its functions or activities. Some of these overseas third parties may not have equivalent privacy and data protection laws to the country in which you reside and may not, in the case of individuals located in the EU, be subject to an adequacy decision of the European Commission that the third country ensures an adequate level of protection. Tyro will use its best endeavours to ensure that personal information will receive protection similar to that which it would have if the information were in Australia by implementing standard data protection obligations in its contractual agreements with these overseas service providers. For more information, please contact the Privacy Officer.

Tyro may disclose personal and credit information to an Australian-based office of a third party with offices located overseas (in addition to the Australian-based office), such as VISA, MasterCard and China Union Pay. This information may be disclosed to and used by the third party’s overseas offices, located predominantly in the United States. The disclosure and use of information between the third party’s Australian-based office and its overseas offices will be governed by that third party’s privacy policy.

If you register to use the BPAY Scheme, you agree to us disclosing to billers nominated by you and if necessary the entity operating the BPAY Scheme (BPAY Pty Ltd) or any other participant in the BPAY Scheme and any agent appointed by any of them from time to time, including Cardlink Services Limited, that provides the electronic systems needed to implement the BPAY Scheme the following information:

  • such of your personal information (for example your name, email address and the fact that you are our customer) as is necessary to facilitate your registration for or use of the BPAY Scheme;
  • such of your transactional information as is necessary to process your BPAY Your BPAY Payments information will be disclosed by BPAY Pty Ltd, through its agent, to the biller’s financial institution.

If any of your personal information changes, we may be required to disclose your updated personal information to other participants in the BPAY Scheme.

You can request access to your information held by BPAY Pty Ltd or its agent, Cardlink Services Limited by referring to the procedures set out in the privacy policy of the relevant entity.

Direct Marketing

From time to time Tyro may use personal information to send you information regarding Tyro’s services and products. If you do not wish to receive direct marketing information, you can contact the Privacy Officer using the contact details provided below and Tyro will take immediate steps to ensure that you do not receive any direct marketing information in future.

Quality of Information

Tyro’s objective is to ensure that all information collected by Tyro is accurate, complete and up-to-date. If Tyro is unable to update its records following a request to do so it will notify you and provide its reasons in writing. Tyro will update records if notified that information is not accurate, complete or up-to-date. If you believe the information that Tyro holds about you is not accurate, please contact the Privacy Officer using the contact details provided below.

Security and Retention of Information

Tyro is committed to keeping information secure and will take all reasonable precautions to protect information from unauthorised access, interference, modification, disclosure, loss, misuse or alteration. Personal and credit information may be stored in hard copy documents or electronically on Tyro’s software or systems. Tyro maintains physical security over its paper and electronic data stores, such as locks and security systems. Tyro also maintains computer and network security using passwords to control and restrict access to authorised staff for approved purposes.

The period of time for which your information will be retained by Tyro will depend on the types of information we hold about you. Generally, your information will be retained for the period during which you have an ongoing relationship with Tyro and for a period of at least 7 years after this relationship ceases, or such other period of time as required under specific legislation relating to the type of information held (for example under the Anti-Money Laundering and Terrorism-Financing Act 2006 (Cth)).

Access to Information

Any individual or company may request access to the personal and credit information Tyro holds about them and seek correction of this information. An individual may also request confirmation from Tyro as to whether we are processing their personal data.

Requests should be made by phone on 1300 966 639 or +61 2 8907 1750 or in writing and addressed to the Privacy Officer at privacy@tyro.com. In some circumstances, Tyro may not be in a position to provide access or make a correction to the information held. If Tyro denies your request, it will provide its reasons in writing.

Tyro will respond to your request for access to your information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. Tyro will, on request, provide you with access to your information or update or correct your information, unless an exception applies to us granting your request, for example if:

  • giving access would be unlawful;
  • we are required or authorised by law or a court/tribunal order to deny access;
  • giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body; or
  • the request is manifestly unfounded or excessive.

Where your request for access is accepted, Tyro will provide you with access to your information in a manner, as requested by you, providing it is reasonable to do so.

Your request for correction will be dealt with within 30 days, or such longer period as agreed by you.

Upon accepting a request for correction of your information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your information.

If your request for correction of credit information is accepted Tyro will provide written notice of this correction to any entity to which we have disclosed this information previously, to the extent that this is practicable.

Additional rights applying to EU Individuals

If you are an individual in the EU, you have the following additional rights:

  • Erasure of your personal information: You may request erasure of your personal information in certain circumstances. For example, if you believe your personal information is no longer necessary for the purpose which Tyro collected it or if you have withdrawn your consent for Tyro to process your personal information.
  • Restriction or objection to processing personal information: You may request Tyro to restrict or stop the processing of your personal data in certain circumstances. For example, if you believe the personal information we hold is not accurate, if you believe that the data has been unlawfully processed or if we are using your personal information for direct marketing activities.
  • Data portability: You may request Tyro to provide you with a copy of your personal information in a format that you can easily move or provide to another service provider. Your right to data portability applies to some, but not all, of your personal information.

Requests should be made by phone on 02 8907 1750 or in writing and addressed to the Privacy Officer at privacy@tyro.com. Tyro may refuse your request, for example if we still have a legitimate business interest in keeping and continuing to process that personal information, if processing of your personal information is necessary to comply with a legal obligation, or if the request is manifestly unfounded or excessive (as applicable). If Tyro denies your request, it will provide its reasons in writing.

Change to this Policy

Tyro may change this Policy from time to time for any reason and will update the Policy accordingly. The up to date version of this Policy is located on Tyro’s website, www.tyro.com. You will be notified of any changes to this policy by Tyro uploading an updated version to this website.

Complaints

Any complaints should be directed to the Privacy Officer in the first instance at privacy@tyro.com. If you believe Tyro has not adequately dealt with your complaint, you may complain to the Privacy Commissioner, details of which can be found at www.oaic.gov.au.

If you are an individual in the EU, you may lodge a complaint with your local data protection supervisory authority within the European Union if your complaint has not been adequately dealt with by Tyro.

Privacy Officer Contact

Our Privacy Officer’s contact details are:

Phone: 1300 966 639 or +61 2 8907 1750
Email: privacy@tyro.com
Mail: Level 1, 155 Clarence Street Sydney NSW 2000

If you are an individual in the EU, please contact the Privacy Officer to obtain details of Tyro’s representative for the purposes of the GDPR.

PART 2 – CREDIT INFORMATION NOTIFIABLE MATTERS

In accordance with Tyro’s obligations under the Australian Privacy Act, Tyro sets out the following notifiable matters in relation to any of your personal or credit information disclosed by Tyro to a credit reporting body for the purposes of undertaking a credit check or disclosing payment default information in relation to commercial credit provided to you:

  1. Tyro only provides commercial credit and is therefore not subject to any obligations under the Australian Privacy Act that apply only in relation to a credit provider that provides consumer credit.
  2. In connection with the provision of commercial credit, Tyro may disclose your personal and credit information to credit reporting bodies for the purposes of undertaking a credit check in relation to an application made by you or assessing your eligibility for Tyro products or disclosing payment default information or have committed a serious credit infringement, if that is the case. We may disclose information to or collect information from the following CRBs whose privacy policy and contact details are at:

Equifax Australia – www.equifax.com.au or 13 8332

Dun & Bradstreet – www.dnb.com.au or 13 2333

  1. Equifax and Dun & Bradstreet may include any of your personal or credit information, disclosed to it by Tyro, in reports provided to other credit providers to assist other credit providers to assess your credit worthiness.
  2. Tyro’s policy about the management of personal and credit information is set out in Part 1 of this document. In accordance with Part 1 of this document, you may request to access or correct your personal or credit information and to make a complaint to Tyro.
  3. You have the right to make a request to Equifax and Dun & Bradstreet not to use or disclose your credit reporting information:
    1. for the purposes of pre-screening of direct marketing by a credit provider; or
    2. if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.