You have certain rights regarding the personal information we maintain about you. We offer you choices about what personal information we collect from you, how we use that information, and how we communicate with you, as set out below.
Collection of Personal Information
This data may include personal information. For example, the types of information we may collect include which pages you visit, the time and date of your visit, the Internet Protocol address assigned to your computer, location information, information about the type of device and operating system you use, username, name, email addresses, browser type, mobile device identifier, referring URLs and information on actions taken or interaction with our digital assets. This information will be considered personal information where we can link this information to your account or to an identifiable individual. We use this information to help us to improve our website, Tyro’s internet-based portals and our services generally. We may also use this information to provide you with in-app or push notifications. For example, we may send you notifications within Tyro’s internet-based portals or while you are on the Tyro website to assist you where you have had trouble with a particular item in the App or for marketing purposes.
For further information on “cookies” and “web beacons” refer to Part 4 of this Policy.
You may opt-out of having the data collected and automatically retained through your browser while on Tyro’s App or website by visiting https://mixpanel.com/optout. If you get a new computer, install a new browser, erase or otherwise alter your browser’s cookie file (including upgrading certain browsers) this may clear the opt-out cookie.
Tyro collects and holds information about your identity, contact details, identification information such as directorships, passport number, Australian citizenship certificate number, your gender and relationships with other people, tax residency status, your transaction information for any Tyro products you hold and other financial information which you provide to us or authorise us to access from third parties.
Tyro may also collect information from, and disclose information to, our related bodies corporate, however Tyro and it related bodies corporate will only use such information for the purposes for which it was originally collected (unless an exception applies).
Collection of Credit Information
Tyro may collect, use, hold and disclose the following types of credit information:
- Credit related identification information is information such as name, date of birth, current or previous address, name of current employer, drivers licence number, Internet Protocol (IP) addresses and unique device identifiers (UDIDs).
- Other credit related information is information such as type and amount of credit sought, publicly available information about an individual’s creditworthiness, default information, repayment history information, payment information in relation to overdue payments and personal insolvency information.
Tyro may undertake a credit check (or similar) through a credit reporting body in relation to an application made by you or to assess your eligibility for particular products and services. In this situation, Tyro may derive information about your eligibility to be provided with Tyro’s products and services from information about you contained in the credit check.
Purposes for collection
Tyro collects, holds, uses and discloses personal and credit information:
- to establish your identity and assess applications for Tyro’s products and services;
- to assess eligibility for any of Tyro’s products and services or particular features;
- to conduct reference checks and background enquiries;
- to design and price Tyro’s products and services;
- to understand how you use Tyro’s products and to enhance your experience as well as to enhance Tyro’s features, products and services;
- to conduct and enhance Tyro’s business;
- to provide, administer and manage Tyro’s products and services including to provide all available features of our products and services, to process transactions, authenticate you when you access a Tyro product or service and provide customer support;
- to provide and manage your Tyro internet-based portals (such as an App or online portals) or accounts we provide;
- to identify and control or minimise risks to Tyro’s products and services;
- to enable us to monitor suspicious or fraudulent activity, including unauthorised transactions, in relation to Tyro’s products and services.
- to manage Tyro’s relationship with you including contacting you in relation to Tyro’s products and services;
- where required by law;
- to enforce compliance with our terms and conditions;
- to provide information to representatives and advisors, including lawyers and accountants, to help us comply with legal, accounting, or security requirements;
- to validate your payment card information;
- to communicate with you by email, phone, or SMS in connection with our products and services, and that of Tyro’s related bodies corporate;
- to our related bodies corporate where required for business and operational purposes;
- to assist Tyro’s related bodies corporate and third parties in the provision of products or services that you request from them;
- to monitor the use of and improve our interactive assets, including the Tyro eCommerce;
- to perform data analyses (including anonymisation of personal information);
- to comply with applicable legal requirements, industry standards and our policies or to comply with a request from a law enforcement authorities or other government officials;
- to perform auditing, research and analysis in order to maintain, protect and improve our services;
- where we believe it is necessary to protect our legal rights, interests and the interests of others, including in connection with legal claims, compliance, regulatory and audit functions, prevention of fraud, ensuring data security;
- to provide you with further information about services and products we think may interest you;
- to resolve complaints;
- for direct marketing, promotional and lead generation activities;
- to manage our risks and identify illegal activity;
- to provide support services and answer your enquiries;
- for any other purpose consented to by you; and
- for any other purpose related to any of the above purposes, as permitted under the privacy legislation.
If you are an individual in the European Union (EU), we collect and process information about you only where we have a legal basis for doing so under the GDPR. The legal basis for processing your personal information will depend on the Tyro products or services you use and your relationship with Tyro (for example, whether you are a Tyro customer, you are a beneficial owner or controlling person of a Tyro customer or you receive products or services from a Tyro customer). We will only collect and use your personal information where one of the following legal bases apply:
- it is required to provide you with the relevant Tyro products or services in accordance with our agreement with you;
- it is necessary for the purposes of the legitimate interests of Tyro (which is not overridden by your data protection interests), including in connection with legal claims, compliance, regulatory and audit functions, prevention of fraud and ensuring data and system security;
- you have given us consent to do so for a specific purpose; or
- it is necessary for us to comply with our legal obligations.
If you are an individual in the EU and you have consented to our use of your personal information for a specific purpose, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place.
Means of Collection and Holding of Information
Tyro collects the personal and credit information voluntarily provided by you through our application forms, via our website, over the phone, through a Tyro internet-based portal (such as an app or online portal) or from third parties who Tyro has a relationship with. Tyro may also collect credit information about you from credit reporting bodies or other credit providers, subject to any restrictions under the privacy legislation.
Tyro may also collect information about you, including where you are not a customer of Tyro, but are associated to a customer or are a customer of a service provider of Tyro, from that customer, through fraud monitoring systems implemented by Tyro or from publicly available sources such as registers maintained by the Australian Securities and Investments Commission and ABN Lookup, social media or made available by third parties.
Generally, the personal information that Tyro may request from you is required to enable Tyro to enter into a contractual agreement with you, is a requirement under the terms of the contractual agreement with you or is required by Tyro to comply with its obligations under applicable laws, such as the Anti-Money Laundering and Terrorism-Financing Act 2006 (Cth).
You are not obliged to provide the personal information we request, however if you do not provide the personal or credit information requested by Tyro, Tyro may not be able to provide you (or the customer with which you are associated) with the requested products or services and we may not be able to provide you with information about our products and services.
Tyro holds personal and credit information in electronic and physical form in accordance with the ‘Security and Retention of Information’ section of this Policy.
Use and Disclosure of Information
Tyro will use and may disclose personal and credit information for any of the purposes set out above. People Tyro may disclose your information to for the above purposes include:
- Tyro’s service providers, including service providers that assist us to operate, provide, improve, integrate, customise, support, monitor and market our products and services. We do not authorise these service providers to use or disclose such data except as necessary to perform certain services on our behalf or to comply with legal requirements. We use reasonable endeavours to contractually require these service providers to appropriately safeguard the privacy and security of personal information they process on our behalf;
- Tyro’s related bodies corporate;
- providers of software that integrates with Tyro’s products and services;
- our affiliates and other entities that assist with payment card fraud prevention;
- entities to whom Tyro outsources functions;
- people acting on your behalf including guardians, agents, people holding a power of attorney and people you authorise us to share information with;
- guarantors (where you have Tyro lending products);
- other financial institutions;
- employers or former employers;
- any referees you nominate in connection with your application for Tyro products or services;
- credit reporting bodies and credit providers;
- Tyro’s representatives and advisors, including lawyers and accountants;
- government or law enforcement entities.
We may share aggregated and de-identified information with participating financial institutions and their customers. For example, we may share data to show trends about the general use of our products and services.
We may work with third parties to provide additional products or services which may be offered to you. At the time these products or services are offered to you, you will be asked if you consent to share your personal information with such third parties for the purpose of providing such product or service, or for other purposes, such as marketing. If you agree with our sharing your personal information with such third party for such specific purpose, we then may share your personal information with such third party.
We also reserve the right to transfer personal information we hold about you in the event we sell or transfer all or a portion of our business or assets. We may also disclose your personal information to potential acquirers in the event of a prospective sale or transfer. Following such a sale or transfer, you may contact the entity to which we transferred your personal information with any inquiries concerning the processing of that information.
We also may share personal information otherwise with your consent.
In addition, we also may share aggregated or anonymised data with third parties for any lawful purpose.
Where you permit or enable a Tyro application, product or service to integrate with another application, product or service (or use a feature of Tyro’s products and services that requires such integration), Tyro will disclose your personal and financial information to the provider of the integrated service and collect your personal and financial information from the software provider (where relevant).
Where you become a Tyro customer, Tyro may disclose financial information relating to your Tyro EFTPOS and/ or eCommerce Facility to third parties for the assessment of the third party’s credit risk where it is in the business of lending money to you or your business, the improvement of customer service and marketing purposes. It is the responsibility of the third party to comply with all applicable regulatory requirements in relation to the use of the relevant financial information.
Tyro may be required in some circumstances to disclose personal or credit information where:
- required or authorised by law;
- required in order to investigate an unlawful activity;
- required by an enforcement body for investigative activities; or
- necessary to prevent a serious threat to a person’s life, health or safety, or to public health or safety.
Tyro discloses personal information to overseas third parties located in the United States of America, Singapore and China for the purposes of providing our products, marketing and lead generation activities and obtaining product analytics to allow it to improve its products and services. In addition, personal information may need to be transferred to service providers located in other overseas countries from time to time in order for Tyro to perform its functions or activities.
Some of the overseas third parties to whom we may disclose personal information may not have equivalent privacy and data protection laws to the country in which you reside and may not, in the case of individuals located in the EU, be subject to an adequacy decision of the European Commission that the third country ensures an adequate level of protection. Tyro will use reasonable endeavours to ensure that personal information will receive protection similar to that which it would have if the information were in Australia by implementing standard data protection obligations in its contractual agreements with these overseas service providers. For more information, please contact the Privacy Officer using the contact details provided below.
If you register to use the BPAY Scheme, you agree to us disclosing to billers nominated by you and if necessary, the entity operating the BPAY Scheme (BPAY Pty Ltd) or any other participant in the BPAY Scheme and any agent appointed by any of them from time to time, including Cardlink Services Limited, that provides the electronic systems needed to implement the BPAY Scheme the following information:
- such of your personal information (for example your name, email address and the fact that you are our customer) as is necessary to facilitate your registration for or use of the BPAY Scheme;
- such of your transactional information as is necessary to process your BPAY Payments. Your BPAY Payments information will be disclosed by BPAY Pty Ltd, through its agent, to the biller’s financial institution.
If any of your personal information changes, we may be required to disclose your updated personal information to other participants in the BPAY Scheme.
Tyro Connect – Collection, Use and Disclosure of Transaction Information
When you make a payment to a merchant (e.g., a retail store or a café), or through an app (e.g., Uber Eats, Hey You or Open Table) and that merchant or app uses a Tyro EFTPOS machine, a point-of-sale software connected to Tyro (POS) or an app integrated with Tyro, and they use our Tyro Connect integration hub, we will collect and hold information about your purchase (Tyro Connect Transaction Information). This information includes the merchant or app you made the payment to, the value of the payment, the items you paid for, when and where you made that payment, the payment method you used (including whether you used a card, digital wallet, or other device) and a unique identifier of the payment card you used.
When we hold your Tyro Connect Transaction Information it is de-identified.
We may also aggregate Tyro Connect Transaction Information. With this aggregated and de-identified information we may:
- disclose it to our customers (which may include merchants, app providers and other businesses) to enable them to perform their own data analysis and generate insights;
- perform data analysis and disclose insights to our customers (which may include merchants, apps and other businesses); and
- use and disclose that information for purposes that may not be set out in this policy.
From time to time Tyro may use personal information to send you information regarding Tyro’s services and products, and that of its related bodies corporate. If you do not wish to receive direct marketing information, you can contact the Privacy Officer using the contact details provided below or you can click the unsubscribe link within the marketing emails you receive from us and Tyro will take immediate steps to ensure that you do not receive any direct marketing information in future.
If you sign-up to receive information about the services of our partners, you may receive other communications from our partners. If you don’t wish to receive communications from our partners, please contact them directly to inform them of your preference.
Quality of Information
Tyro’s objective is to ensure that all information collected by Tyro is accurate, complete and up-to-date. If Tyro is unable to update its records following a request to do so it will notify you and provide its reasons in writing. Tyro will update records if notified that information is not accurate, complete or up-to-date. If you believe the information that Tyro holds about you is not accurate, please contact the Privacy Officer using the contact details provided below.
Security and Retention of Information
Tyro is committed to keeping information secure and will take all reasonable precautions to protect information from unauthorised access, interference, modification, disclosure, loss, misuse or alteration. Personal and credit information may be stored in hard copy documents or electronically on Tyro’s software or systems. Tyro maintains physical security over its paper and electronic data stores, such as locks and security systems. Tyro also maintains computer and network security using passwords to control and restrict access to authorised staff for approved purposes.
We restrict access to personal information about you to those employees who need to know that information to provide products or services to you. We maintain appropriate administrative, technical and physical safeguards to protect the personal information we have about you. We endeavour to take measures to destroy or permanently de-identify personal information when there is no longer a business need to keep the data. The types of measures we take vary with the type of information, and how it is collected and stored.
The period of time for which your information will be retained by Tyro will depend on the types of information we hold about you. Generally, your information will be retained for the period during which you have an ongoing relationship with Tyro and for a period of at least 7 years after this relationship ceases, or such other period of time as required under specific legislation relating to the type of information held (for example under the Anti-Money Laundering and Terrorism-Financing Act 2006 (Cth)).
Access to Information
Any individual or company may request access to the personal and credit information Tyro holds about them and seek correction of this information. An individual may also request confirmation from Tyro as to whether we are processing their personal information.
Requests should be made by phone on 1300 00 TYRO (8976) or +61 2 8311 4889 or in writing and addressed to the Privacy Officer at email@example.com. In some circumstances, Tyro may not be in a position to provide access or make a correction to the information held. If Tyro denies your request, it will provide its reasons in writing.
Tyro will respond to your request for access to your information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. Tyro will, on request, provide you with access to your information or update or correct your information, unless an exception applies to us granting your request, for example if:
- giving access would be unlawful;
- we are required or authorised by law or a court/tribunal order to deny access;
- giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body; or
- the request is manifestly unfounded or excessive.
Where your request for access is accepted, Tyro will provide you with access to your information in a manner, as requested by you, providing it is reasonable to do so.
Your request for correction will be dealt with within 30 days, or such longer period as agreed by you.
Upon accepting a request for correction of your information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your information.
If your request for correction of credit information is accepted Tyro will provide written notice of this correction to any entity to which we have disclosed this information previously, to the extent that this is practicable.
Features and Links to Other Websites
Additional rights applying to EU Individuals
We may use systems to make automated decisions based on personal information we have collected from you or obtained from other sources such as credit reporting bodies. Our approval process relies on automated analysis of personal information provided by you in the application process, alongside that received from credit referencing agencies and fraud prevention agencies, to make decisions around eligibility and affordability. These automated decisions can affect the products or services we offer you. For example, we may decide not to offer all or some our products or services to you, or we may decide how much to charge you, based on credit history and other financial information about you. You have a number of rights in relation to the personal information that we hold about you, you can exercise your rights by contacting the Privacy Officer using the contact details provided below.
If you are an individual in the EU, you also have the following additional rights:
- Access of your personal information: You may request Tyro to provide you with confirmation as to whether or not your personal data is being processed in certain circumstances. Where that is the case, access to that personal data may include for example the purposes for processing and categories of personal data concerned.
- Erasure of your personal information: You may request erasure of your personal information in certain circumstances. For example, if you believe your personal information is no longer necessary for the purpose which Tyro collected it or if you have withdrawn your consent for Tyro to process your personal information.
- Restriction or objection to processing personal information: You may request Tyro to restrict or stop the processing of your personal information in certain circumstances. For example, if you believe the personal information, we hold is not accurate, if you believe that the data has been unlawfully processed or if we are using your personal information for direct marketing activities.
- Data portability: You may request Tyro to provide you with a copy of your personal information in a format that you can easily move or provide to another service provider. Your right to data portability applies to some, but not all, of your personal information.
Requests should be made by phone on +61 2 8311 4889 or in writing and addressed to the Privacy Officer at firstname.lastname@example.org. Tyro may refuse your request, for example if we still have a legitimate business interest in keeping and continuing to process that personal information, if processing of your personal information is necessary to comply with a legal obligation, or if the request is manifestly unfounded or excessive (as applicable). If Tyro denies your request, it will provide its reasons in writing within 30 days.
Change to this Policy
Tyro may change this Policy from time to time for any reason without prior notice to you to reflect changes in our personal information handling practices. The up-to-date version of this Policy is located on Tyro’s website, www.tyro.com. You will be notified of any changes to this policy by Tyro uploading an updated version to this website.
We will indicate in the Policy when it was most recently updated. Please check this Policy and our website periodically to ensure that you are aware of any changes or updates.
Any complaints should be directed to the Privacy Officer in the first instance at email@example.com. If you believe Tyro has not adequately dealt with your complaint, you may complain to the Privacy Commissioner, details of which can be found at www.oaic.gov.au.
If you are an individual in the EU, you may lodge a complaint with your local data protection supervisory authority within the European Union if your complaint has not been adequately dealt with by Tyro.
We will review and respond to all complaints within a reasonable period of time. If you are not satisfied with our response, to the extent permitted by applicable law, you may take your complaint to the applicable regulator in your jurisdiction.
Privacy Officer Contact
To update your preferences, ask us to remove your data from our mailing lists or submit an access request for personal information collected through our website or our products or services, please contact the Privacy Officer as specified below. The right to access personal information may be limited in some circumstances by local law requirements.
When submitting a request to exercise your data protection rights, it must be done in writing and contain and/or enclose the following:
- The name of the data owner and/or other means to communicate to the same our response to the request received;
- The specific indication of the data protection right which you wish to exercise; and
- A clear and precise description of the personal information for which the exercise of any data protection rights is pursued.
If you have any questions or comments about this Policy, require a hard copy mailed to you, or if you would like us to update the data, we have about you or your preferences, please contact the Privacy Officer using the details set out below.
To assist us in responding to your request, please provide us with information of your issue or concern and include as many details as possible.
Our Privacy Officer’s contact details are:
Phone: 1300 00 TYRO (8976) or +61 2 8311 4889
Mail: Level 18, 55 Market Street Sydney NSW 2000
If you are an individual in the EU, please contact the Privacy Officer to obtain details of Tyro’s representative for the purposes of the GDPR.
PART 2 – CREDIT INFORMATION NOTIFIABLE MATTERS
In accordance with Tyro’s obligations under the Australian Privacy Act, Tyro sets out the following notifiable matters in relation to any of your personal or credit information disclosed by Tyro to a credit reporting body for the purposes of undertaking a credit check or disclosing payment default information in relation to commercial credit provided to you:
- Tyro only provides commercial credit and is therefore not subject to any obligations under the Australian Privacy Act that apply only in relation to a credit provider that provides consumer credit.
CreditorWatch – www.creditorwatch.com.au
Equifax Australia – www.equifax.com.au or 13 8332
illion – www.illion.com.au or 13 2333
- CreditorWatch, Equifax and illion may include any of your personal or credit information, disclosed to it by Tyro, in reports provided to other credit providers to assist other credit providers to assess your credit worthiness.
- Tyro’s policy about the management of personal and credit information is set out in Part 1 of this document. In accordance with Part 1 of this document, you may request to access or correct your personal or credit information and to make a complaint to Tyro.
- You have the right to make a request to CreditorWatch, Equifax or illion not to use or disclose your credit reporting information:
- for the purposes of pre-screening of direct marketing by a credit provider; or
- if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.
PART 3 – TYRO ECOMMERCE SPECIFIC TERMS
This section applies to our merchants or other individuals (including customers of Tyro’s merchants) that use the Tyro eCommerce in addition to the other sections of this Policy.
In connection with the Tyro eCommerce, we may collect, use, hold and disclose personal information, in addition to that described above, from merchants participating in the Tyro eCommerce, and their respective service providers, developers and/or admins when an account is being created on behalf of a merchant as part of the enrolment process for the Tyro eCommerce. Such personal information includes, but is not limited to, first name, last name, tax ID, name, date of birth, phone number (landline and mobile), social security number, address, customer service phone number, government issued ID number (e.g., passport or national ID), bank account information (e.g., routing number, bank account number, IBAN, SWIFT, and SORT code), email address, username, password, and security questions. We may also collect other information about your business such as business address, business type, business start date, filing state, and bank name.
If you create a developer account in connection with the Tyro eCommerce, we collect personal information from you in order to operate your account. Such personal information includes, but is not limited to, first name, last name, email (doubles as username), and password.
We may also process the personal information of individuals who make payments through the Tyro eCommerce on behalf of merchants. There are obligations that apply to merchants with respect to personal information about individuals making payments to merchants through the Tyro eCommerce, which are described in our terms and conditions. Please make sure to read our terms and conditions carefully to make sure you understand how these obligations may apply to you and that you can comply.
The Tyro eCommerce is provided on a global platform. To offer our services, we may need to transfer your personal information among several countries, in addition to those set out above. We endeavour to comply with applicable legal requirements providing adequate safeguards for the transfer of personal information to countries outside of your local country.
PART 4 – COOKIES
A “cookie” is a text file placed on a computer’s hard drive by a web server. A cookie contains small amounts of information which is downloaded on your device’s memory and can subsequently be accessed by our web servers.
A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is used to transmit information back to a web server. A web beacon is an object embedded in and downloaded together with a webpage which provides information as to the viewing of that webpage.
We may use the following cookies:
Essential cookies – Some cookies are essential for the Site to function effectively and to offer you products and services. For example, essential cookies enable you to securely access and navigate within the Site and its functionalities or sign-in.
Essential cookies collect the following information: session ID (to remember your credentials in the course of your session), security token and other server affinity and authentication data (to establish and maintain communication with the most appropriate servers).
We use essential cookies for the duration of each session (session cookies). Session cookies are deleted when you log out of the Site or when you close your web browser. Session cookies are also used by us or our service providers to know whether our cookie consent notice has been viewed and to allow for the frequency capping of the cookie on-site notice (an on-site cookie notice at the bottom of the landing page that informs you that cookies are used on the Site and how to enable and disable them). In addition, we use session cookies to remember the choices you make on our Sites.
You may reject essential or session cookies by altering the cookie function of your browser. The “help” option of the toolbar on most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies. However, if you reject these cookies, you may not be able to use full or part of the Site, as these cookies are strictly necessary for the Site to operate.
Advertising cookies collect the following information, which may include personal information: unique identification assigned to your device; IP address, device and browser type, operating system, referring URLs, content viewed, products purchased, or other actions taken on the Site, time and date of those actions and country information.
You may learn more about interest-based advertising, including opting out of ad networks, by visiting https://youradchoices.com/control.
Analytics cookies – Analytics cookies like Omniture cookies are used on the Site for website analytics purposes, such as creating anonymised reports and statistics on the performance of the Site. In addition, other third party cookies are used to manage and improve the performance of the Site. This includes performance cookies that help us understand the use of the Site and our products.
Analytics cookies help collect the following information: unique identification assigned to your device, IP address, device and browser type, operating system, referring URLs, time and date page was visited, information on actions taken in the course of using the Site and country information.