Privacy Policy

Version 2.4
May 2017

PART 1 – PERSONAL AND CREDIT INFORMATION PRIVACY POLICY

Document Purpose

The purpose of this Privacy Policy is to provide a summary of how, why and when personal information and credit related personal information (credit information) is collected, disclosed, used, stored and otherwise handled by Tyro Payments Limited (Tyro). The Policy relates to personal information and credit information collected by any means and by any technology. Tyro treats the handling of personal and credit information very seriously. To that end, Tyro has systems and procedures in place to protect privacy in relation to the handling of personal and credit information. Tyro abides by the Australian Privacy Principles and its objective is to handle information responsibly. The Privacy Act provides for an exemption in relation to employee records (being records relating to a current or former employment relationship between Tyro and the individual). Tyro is not required to comply with the Australian Privacy Principles when dealing with employee records.

Collection of Personal Information

Tyro collects and holds information about you and your interactions with Tyro including when you apply for, enquire about or use Tyro’s products or services, participate in any of Tyro’s promotional activities, contact Tyro by any means or visit Tyro’s website.

When you use the Tyro App or visit our website, we may use cookies, pixel tags or similar technology to enable us to collect, through a third party service provider, data about how you use Tyro’s website and the Tyro App. This data may include personal information. For example, the types of information we may collect include which pages you visit, the time and date of your visit, the internet protocol address assigned to your computer, user name, name and email addresses. This information will be considered personal information under the Privacy Act where we can link this information to your account. We use this information to help us to improve our website, the Tyro App and our services generally. We may also use this information to provide you with in-app or push notifications. For example, we may send you notifications within the Tyro App or while you are on the Tyro website to assist you where you have had trouble with a particular item in the App or for marketing purposes.

You may opt-out of having the data collected through your browser while on Tyro’s App or website automatically retained by visiting https://mixpanel.com/optout. If you get a new computer, install a new browser, erase or otherwise alter your browser’s cookie file (including upgrading certain browsers) this may clear the opt-out cookie.

We will handle any personal information collected by cookies, pixel tags or similar technology in the same way that we handle all other personal information as described in this Privacy Policy.

Tyro collects and holds information about your identity, contact details, identification information such as directorships, passport number, Australian citizenship certificate number, your gender and relationships with other people, your transaction information for any Tyro products you hold and other financial information which you provide to us or authorise us to access from third parties.

Collection of Credit Information

Tyro may collect, use, hold and disclose the following types of credit information:

  • Credit related identification information is information such as name, date of birth, current or previous address, name of current employer, drivers licence number, internet Protocol (IP) addresses and unique device identifiers (UDIDs).
  • Other credit related information is information such as type and amount of credit sought, publicly available information about an individual’s creditworthiness, default information, repayment history information, payment information in relation to overdue payments and personal insolvency information.

Tyro may undertake a credit check (or similar) through a credit reporting body in relation to an application made by you or to assess your eligibility for particular products and services. In this situation, Tyro may derive information about your eligibility to be provided with Tyro’s products and services from information about you contained in the credit check.

Purposes for collection

Tyro collects, holds, uses and discloses personal and credit information:

  • to establish your identity and assess applications for Tyro’s products and services;
  • to assess your eligibility for any of Tyro’s products and services or particular features;
  • to conduct reference checks and background enquiries;
  • to design and price Tyro’s products and services;
  • to understand how you use Tyro’s products and to enhance your experience as well as to enhance Tyro’s features, products and services;
  • to conduct and enhance Tyro’s business;
  • to provide, administer and manage Tyro’s products and services including to provide all available features of our products and services;
  • to manage Tyro’s relationship with you including contacting you;
  • to provide Tyro’s FinTechHub services;
  • to provide you with further information about services and products we think may interest you;
  • to resolve complaints;
  • for direct marketing, promotional and lead generation activities;
  • to manage our risks and identify illegal activity;
  • to provide support services; and
  • for any other purpose related to any of the above.

Means of Collection and Holding of Information

Tyro collects the personal and credit information voluntarily provided by you through our application forms, via our website, over the phone, or from third parties who Tyro has a relationship with. Tyro may also collect credit information about you from credit reporting bodies or other credit providers, subject to any restrictions under the Privacy Act. Tyro may also collect information about you, including where you are not a customer of Tyro, but are associated to a customer or are a customer of a service provider of Tyro, from publicly available sources such as registers maintained by the Australian Securities and Investments Commission and ABN Lookup, social media or made available by third parties.

If you do not provide the personal or credit information requested by Tyro, Tyro may not be able to provide you with your requested products or services.

Tyro holds personal and credit information in electronic and physical form in accordance with the ‘Security of Information’ section of this Policy.

Use and Disclosure of Information

Tyro will use and may disclose personal and credit information for any of the purposes set out above. People Tyro may disclose your information to for the above purposes include:

  • Tyro’s service providers;
  • providers of software that integrates with Tyro’s products and services;
  • entities to whom Tyro outsources functions;
  • people acting on your behalf including guardians, agents, people holding a power of attorney and people you authorise us to share information with;
  • guarantors (where you have Tyro lending products);
  • other financial institutions;
  • employers or former employers;
  • any referees you nominate in connection with your application for Tyro products or services;
  • credit reporting bodies and credit providers;
  • government or law enforcement entities.

Where you permit or enable a Tyro application, product or service to integrate with another application, product or service (or use a feature of Tyro’s products and services that requires such integration), Tyro will disclose your personal and financial information to the provider of the integrated service and collect your personal and financial information from the software provider (where relevant).

Where you become a Tyro customer, Tyro may disclose financial information relating to your Tyro EFTPOS Facility to third parties for the assessment of the third party’s credit risk where it is in the business of lending money to you or your business, the improvement of customer service and marketing purposes. It is the responsibility of the third party to comply with all applicable regulatory requirements in relation to the use of the relevant financial information.

Tyro may be required in some circumstances to disclose personal or credit information where:

  • required or authorised by law;
  • required in order to investigate an unlawful activity;
  • required by an enforcement body for investigative activities; or
  • necessary to prevent a serious threat to a person’s life, health or safety, or to public health or safety.

Tyro discloses personal information to an overseas third party located in the United States of America and Singapore for the purposes of marketing and lead generation activities and obtaining product analytics to allow it to improve its products and services. Tyro will use its best endeavours to ensure that personal information will receive protection similar to that which it would have if the information were in Australia. In addition, personal information may need to be transferred overseas in order to perform Tyro’s functions or activities..

Tyro may disclose personal and credit information to an Australian-based office of a third party with offices located overseas (in addition to the Australian-based office), such as VISA, MasterCard and China Union Pay. This information may be disclosed to and used by the third party’s overseas offices, located predominantly in the United States. The disclosure and use of information between the third party’s Australian-based office and its overseas offices will be governed by that third party’s privacy policy.

If you register to use the BPAY Scheme, you agree to us disclosing to billers nominated by you and if necessary the entity operating the BPAY Scheme (BPAY Pty Ltd) or any other participant in the BPAY Scheme and any agent appointed by any of them from time to time, including Cardlink Services Limited, that provides the electronic systems needed to implement the BPAY Scheme the following information:

  • such of your personal information (for example your name, email address and the fact that you are our customer) as is necessary to facilitate your registration for or use of the BPAY Scheme;
  • such of your transactional information as is necessary to process your BPAY Your BPAY Payments information will be disclosed by BPAY Pty Ltd, through its agent, to the biller’s financial institution;

If any of your personal information changes, we may be required to disclose your updated personal information to other participants in the BPAY Scheme.

You can request access to your information held by BPAY Pty Ltd or its agent, Cardlink Services Limited by referring to the procedures set out in the privacy policy of the relevant entity.

Direct Marketing

From time to time Tyro may use personal information to send you information regarding Tyro’s services and products. If you do not wish to receive direct marketing information, you can contact Tyro using the following contact details:

Privacy Officer:

Soula Biris
Tyro Payments Limited
Phone: 02 8907 1649
Email: privacy@tyro.com

and Tyro will take immediate steps to ensure that you do not receive any direct marketing information in future.

Quality of Information

Tyro’s objective is to ensure that all information collected by Tyro is accurate, complete and up-to-date. If Tyro is unable to update its records following a request to do so it will notify you and provide its reasons in writing. Tyro will update records if notified that information is not accurate, complete or up-to-date. If you believe the information that Tyro holds about you is not accurate, please contact us using the following details:

Privacy Officer:

Soula Biris
Tyro Payments Limited
Phone: 02 8907 1649
Email: privacy@tyro.com

Security of Information

Tyro is committed to keeping information secure and will take all reasonable precautions to protect information from unauthorised access, interference, modification, disclosure, loss, misuse or alteration. Personal and credit information may be stored in hard copy documents or electronically on Tyro’s software or systems. Tyro maintains physical security over its paper and electronic data stores, such as locks and security systems. Tyro also maintains computer and network security using passwords to control and restrict access to authorised staff for approved purposes.

Access to Information

Any individual or company may request access to the personal and credit information Tyro holds about them and seek correction of this information. Requests should be made in writing and addressed to the Privacy Officer at privacy@tyro.com. In some circumstances, Tyro may not be in a position to provide access or make a correction to the information held. If Tyro denies your request, it will provide its reasons in writing.

Tyro will respond to your request for access to your information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. Tyro will, on request, provide you with access to your information or update or correct your information, unless the Act provides an exception to us granting your request, including if:

  • giving access would be unlawful;
  • we are required or authorised by law or a court/tribunal order to deny access; or
  • giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body.

Where your request for access is accepted, Tyro will provide you with access to your information in a manner, as requested by you, providing it is reasonable to do so.

Your request for correction will be dealt with within 30 days, or such longer period as agreed by you.

Upon accepting a request for correction of your information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your information.

If your request for correction of credit information is accepted Tyro will provide written notice of this correction to any entity to which we have disclosed this information previously, to the extent that this is practicable.

Change to this Policy

Tyro may change this Policy from time to time for any reason and will update the Policy accordingly. The up to date version of this Policy is located on Tyro’s website, www.tyro.com. You will be notified of any changes to this policy by Tyro uploading an updated version to this website.

Complaints

Any complaints should be directed to the Privacy Officer in the first instance at privacy@tyro.com. If you believe Tyro has not adequately dealt with your complaint, you may complain to the Privacy Commissioner, details of which can be found at www.oaic.gov.au.

PART 2 – CREDIT INFORMATION NOTIFIABLE MATTERS

In accordance with Tyro’s obligations under the Privacy Act, Tyro sets out the following notifiable matters in relation to any of your personal or credit information disclosed by Tyro to a credit reporting body for the purposes of undertaking a credit check or disclosing payment default information in relation to commercial credit provided to you:

  1. Tyro only provides commercial credit and is therefore not subject to any obligations under the Privacy Act that apply only in relation to a credit provider that provides consumer credit.
  2. In connection with the provision of commercial credit, Tyro may disclose your personal and credit information to credit reporting bodies for the purposes of undertaking a credit check in relation to an application made by you or assessing your eligibility for Tyro products or disclosing payment default information or have committed a serious credit infringement, if that is the case. We may disclose information to or collect information from the following CRBs whose privacy policy and contact details are at:

Equifax Australia – www.equifax.com.au or 13 8332

Dun & Bradstreet –www.dnb.com.au or 13 2333

  1. Equifax and Dun & Bradstreet may include any of your personal or credit information, disclosed to it by Tyro, in reports provided to other credit providers to assist other credit providers to assess your credit worthiness.
  2. Tyro’s policy about the management of personal and credit information is set out in Part 1 of this document. In accordance with Part 1 of this document, you may request to access or correct your personal or credit information and to make a complaint to Tyro.
  3. You have the right to make a request to Equifax and Dun & Bradstreet not to use or disclose your credit reporting information:
    1. for the purposes of pre-screening of direct marketing by a credit provider; or
    2. if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.