Privacy Policy

Version 2.3
September 2016

PART 1 – PERSONAL AND CREDIT INFORMATION PRIVACY POLICY

Document Purpose

The purpose of this Privacy Policy is to provide a summary of how, why and when personal information and credit related personal information (credit information) is collected, disclosed, used, stored and otherwise handled by Tyro Payments Limited (Tyro). The Policy relates to personal information and credit information collected by any means and by any technology. Tyro treats the handling of personal and credit information very seriously. To that end, Tyro has systems and procedures in place to protect privacy in relation to the handling of personal and credit information. Tyro abides by the Australian Privacy Principles and its objective is to handle information responsibly. The Privacy Act provides for an exemption in relation to employee records (being records relating to a current or former employment relationship between Tyro and the individual). Tyro is not required to comply with the Australian Privacy Principles when dealing with employee records.

Collection of Personal Information

Tyro collects and holds the following types of personal information:

  • Personal information is information or opinion from which an individual’s identity may be ascertained either by itself or if combined with other information. The nature of personal information collected by Tyro generally comprises the name and contact details (including address, phone, fax and e-mail) of an individual or company.
  • Financial information is credit card, debit card and EFTPOS card transaction information that has been processed by Tyro and recorded via Tyro’s online reporting system and includes without limitation volume of transactions, chargebacks and transaction value information.

Personal information is collected for the primary purpose of performing services in accordance with Tyro’s business activities. Tyro does not collect personal information unless it is necessary to perform one or more of its functions and activities and will destroy personal information when it is no longer required for such functions and activities.

Collection of Credit Information

Tyro may collect, use, hold and disclose the following types of credit information:

  • Identification information is information such as name, date of birth, current or previous address, name of current employer and drivers licence number.
  • Other credit related information is information such as type and amount of credit sought, publicly available information about an individual’s creditworthiness, default information, repayment history information, payment information in relation to overdue payments and personal insolvency information.

Purposes for collection

Tyro collects, holds, uses and discloses personal and credit information for the following purposes:

  • to provide credit, debit and EFTPOS card acquiring services and products;
  • to provide BPAY Payment services;
  • to provide banking and loan products;
  • to provide FinTechHub services;
  • to provide further information about the services and products we provide;
  • to assess and process applications for facilities supplied by Tyro;
  • to administer and manage facilities supplied by Tyro;
  • to resolve complaints;
  • process payments;
  • direct marketing and lead generation activities;
  • to provide support services; and
  • any other purpose related to any of the above.

Means of Collection and Holding of Information

Tyro collects the personal and credit information voluntarily provided by you through our application forms and may also collect credit information about you from credit reporting bodies or other credit providers, subject to any restrictions under the Privacy Act. Tyro may also collect information about you, including where you are not a customer of Tyro, but are associated to a customer of Tyro, from publically available sources such as registers maintained by the Australian Securities and Investments Commission and ABN Lookup.

If you do not provide the personal or credit information requested by Tyro, Tyro may not be able to provide you with your requested products or services.

Tyro holds personal and credit information in electronic and physical form in accordance with the ‘Security of Information’ section of this Policy.

Use and Disclosure of Information

Tyro will use and disclose personal and credit information for the purpose for which the information was initially collected. Tyro may also use personal and credit information for a purpose related to the initial purpose of collection if that other purpose would be within the provider’s reasonable expectations. Related purposes might include internal auditing and administration or adding a name to a contact list, guest list or invitation list. Tyro will not use or disclose the personal or credit information of an individual for any purpose other than the primary purpose for which the information was collected without first obtaining express or implied consent.

Tyro may undertake a credit check (or similar) through a credit reporting body in relation to an application made by you. In this situation, Tyro may derive the following types of personal information from information about you contained in the credit check:

  • your eligibility to be provided with the services to which your application relates.

Personal or credit information provided to Tyro may be shared with related companies if this is necessary for Tyro to carry out its business where it will be kept strictly confidential and will only be disclosed on a need to know basis. This may involve direct marketing. If it does, the individual will be provided with an opportunity to opt out of receiving direct marketing from Tyro. Tyro may however be required to disclose personal or credit information without consent if the disclosure is:

  • required or authorised by law;
  • required in order to investigate an unlawful activity;
  • required by an enforcement body for investigative activities; or
  • necessary to prevent a serious threat to a person’s life, health or safety, or to public health or safety.

Tyro discloses personal information to an overseas third party located in the United States of America and Singapore for the purposes of marketing and lead generation activities. Tyro will use its best endeavours to ensure that personal information will receive protection similar to that which it would have if the information were in Australia. In addition, personal information may need to be transferred overseas in order to perform one of Tyro’s functions or activities. In these circumstances, Tyro will either obtain express or implied consent or will use its best endeavours to ensure that personal information will receive protection similar to that which it would have if the information were in Australia.

Tyro may disclose personal and credit information to an Australian-based office of a third party with offices located overseas (in addition to the Australian-based office), such as VISA, MasterCard and China Union Pay. This information may be disclosed to and used by the third party’s overseas offices, located predominantly in the United States. The disclosure and use of information between the third party’s Australian-based office and its overseas offices will be governed by that third party’s privacy policy.

If you register to use the BPAY Scheme, you agree to us disclosing to billers nominated by you and if necessary the entity operating the BPAY Scheme (BPAY Pty Ltd) or any other participant in the BPAY Scheme and any agent appointed by any of them from time to time, including Cardlink Services Limited, that provides the electronic systems needed to implement the BPAY Scheme the following information:

  • such of your personal information (for example your name, email address and the fact that you are our customer) as is necessary to facilitate your registration for or use of the BPAY Scheme;
  • such of your transactional information as is necessary to process your BPAY Your BPAY Payments information will be disclosed by BPAY Pty Ltd, through its agent, to the biller’s financial institution;

If any of your personal information changes, we may be required to disclose your updated personal information to other participants in the BPAY Scheme.

You can request access to your information held by BPAY Pty Ltd or its agent, Cardlink Services Limited by referring to the procedures set out in the privacy policy of the relevant entity.

Tyro relies on third party suppliers who are contracted to conduct certain specialised activities. While personal information may be provided to these suppliers in order to enable them to perform the agreed tasks, Tyro will make every effort to ensure that the supplier handles the personal information in accordance with the Australian Privacy Principles.

Use and Disclosure of Financial Information

Provided a Merchant Service Agreement has been signed by an individual or company, Tyro may disclose financial information relating to the EFTPOS facility held by that individual or company to mutual third parties for the assessment of the mutual third party’s own credit risk where it is in the business of lending money to the individual or company, the improvement of customer service and marketing purposes. Tyro will not disclose the financial information of an individual or company for any other purpose without first obtaining express or implied consent. It is the responsibility of the mutual third party to comply with all applicable regulatory requirements in relation to the use of the financial information.

Direct Marketing

From time to time Tyro may use personal information to send information regarding Tyro’s services and products to an individual. If an individual does not wish to receive direct marketing information, that individual can contact Tyro using the following contact details:

Privacy Officer: Soula Biris
Tyro Payments Limited PHONE 02 8907 1649
EMAIL privacy@tyro.com

and Tyro will take immediate steps to ensure that the individual does not receive any direct marketing information in future.

Quality of Information

Tyro’s objective is to ensure that all information collected by Tyro is accurate, complete and up-to-date. If Tyro is unable to update its records following a request to do so it will notify you and provide its reasons in writing. Tyro will update records if notified that information is not accurate, complete or up-to-date. If you believe the information that Tyro holds in respect of you is not accurate, please contact us using the following details:

Privacy Officer: Soula Biris
Tyro Payments Limited PHONE 02 8907 1649
EMAIL privacy@tyro.com

Security of Information

Tyro is committed to keeping information secure and will take all reasonable precautions to protect information from unauthorised access, interference, modification, disclosure, loss, misuse or alteration. Personal and credit information may be stored in hard copy documents or electronically on Tyro’s software or systems. Tyro maintains physical security over its paper and electronic data stores, such as locks and security systems. Tyro also maintains computer and network security using passwords to control and restrict access to authorised staff for approved purposes.

Access to Information

Any individual or company may request access to the personal and credit information Tyro holds about them and seek correction of this information. Requests should be made in writing and addressed to the Privacy Officer at privacy@tyro.com. In some circumstances, Tyro may not be in a position to provide access or make a correction to the information held. If Tyro denies your request, it will provide its reasons in writing.

Tyro will respond to your request for access to your information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. Tyro will, on request, provide you with access to your information or update or correct your information, unless the Act provides an exception to us granting your request, including if:

  • giving access would be unlawful;
  • we are required or authorised by law or a court/tribunal order to deny access; or
  • giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body.

Where your request for access is accepted, Tyro will provide you with access to your information in a manner, as requested by you, providing it is reasonable to do so.

Your request for correction will be dealt with within 30 days, or such longer period as agreed by you.

Upon accepting a request for correction of your information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your information.

If your request for correction of credit information is accepted Tyro will provide written notice of this correction to any entity to which we have disclosed this information previously, to the extent that this is practicable.

Change to this Policy

Tyro may change this Policy from time to time for any reason and will update the Policy accordingly. The up to date version of this Policy is located on Tyro’s website, www.tyro.com. You will be notified of any changes to this policy by Tyro uploading an updated version to this website.

Complaints

Any complaints should be directed to the Privacy Officer in the first instance at privacy@tyro.com. If you believe Tyro has not adequately dealt with your complaint, you may complain to the Privacy Commissioner, details of which can be found at www.oaic.gov.au.

PART 2 – CREDIT INFORMATION NOTIFIABLE MATTERS

In accordance with Tyro’s obligations under the Privacy Act, Tyro sets out the following notifiable matters in relation to any of your personal or credit information disclosed by Tyro to a credit reporting body for the purposes of undertaking a credit check or disclosing payment default information in relation to commercial credit provided to you:

  1. Tyro only provides commercial credit and is therefore not subject to any obligations under the Privacy Act that apply only in relation to a credit provider that provides consumer credit.
  2. In connection with the provision of commercial credit, Tyro may disclose your personal and credit information to the following credit reporting bodies for the purposes of undertaking a credit check in relation to an application made by you or disclosing payment default information:

VEDA

You may contact VEDA using the details set out below:

  • In relation to your information held by Secure Sentinel – Email: customerservice@securesentinel.com.au or Phone: 1800 022 043
  • In relation to your information held by Verify – Postal address: Verify Holdings Australia Ltd Locked Bag 965, NORTH SYDNEY NSW 2059 or Email: info@verifycv.com.au.

Dun & Bradstreet

You may contact Dun & Bradstreet using the details set out below:

  1. VEDA and Dun & Bradstreet may include any of your personal or credit information, disclosed to it by Tyro, in reports provided to other credit providers to assist other credit providers to assess your credit worthiness.
  2. Tyro’s policy about the management of personal and credit information is set out in Part 1 of this document. In accordance with Part 1 of this document, you may request to access or correct your personal or credit information and to make a complaint to Tyro.
  3. You may access a copy of VEDA’s policy and Dun & Bradstreet’s policy about its management of credit information on its website at www.veda.com.au and www.dnb.com.au respectively.
  4. You have the right to make a request to VEDA and Dun & Bradstreet not to use or disclose your credit reporting information:
    1. for the purposes of pre-screening of direct marketing by a credit provider; or
    2. if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.