Skip to main content Skip to search
Get Started

Privacy Statement & Consent

Tyro Payments Limited ABN 49 103 575 042 (“Tyro”, “we”, “us”) is an APP entity and credit provider for the purposes of the Privacy Act 1988 (Cth) (“Privacy Act”). Tyro also has obligations under the European Union General Data Protection Regulation (“GDPR”) in relation to some personal information it collects.

Tyro’s Privacy Policy

Tyro’s Privacy Policy sets out detailed information about how, why and when personal information and credit related personal information (“credit information”) is collected, disclosed, used, stored and otherwise handled by Tyro. Tyro’s Privacy Policy is available at www.tyro.com/privacy-policy/. Hard copy is available on request.

This Privacy Statement & Consent, together with Tyro’s Privacy Policy, sets out:

  • purposes for which Tyro collects your personal or credit information;
  • consequences if you don’t provide your personal or credit information to Tyro;
  • third parties which Tyro discloses your personal or credit information;
  • how to access and seek correction of your personal or credit information;
  • how to complain about a breach of Tyro’s obligations in respect of your personal or credit information and how Tyro will deal with a complaint; whether your personal or credit information is likely to be disclosed by Tyro to overseas entities and in which countries these entities reside;
  • information about credit reporting, including the credit reporting bodies (“CRBs”) to which Tyro may disclose your personal or credit information; and
  • matters associated with credit reporting that must be notified to you in accordance with the Privacy Act.

In addition to the above, Tyro’s Privacy Policy sets out the following key information that applies to personal information of individuals that are located in the European Union:

  • the legal basis for Tyro’s processing of your personal information (including any legitimate interests for which processing is necessary);
  • the appropriate safeguards Tyro has implemented in relation to the third countries to which we may transfer your personal information;
  • the criteria Tyro uses to determine the period for which your personal information will be retained by Tyro;
  • your rights to request access, rectification, data portability or erasure of your personal information or to request us to restrict processing of your personal information;
  • your right to object to Tyro processing your personal information;
  • your right to lodge a complaint with a supervisory authority;
  • information about any automated decision-making used by Tyro, and
  • the details of any EU representative appointed by Tyro.


Purposes of collection of personal and credit information

Tyro collects personal and credit information directly from you, from associated third parties that are Tyro customers, Tyro service providers, publicly available sources such as registers maintained by the Australian Securities and Investments Commission, credit reporting bodies and ABN Lookup or by such other means as set out in our Privacy Policy.

Tyro collects, holds, uses and discloses personal and credit information for the following purposes, in addition to any purposes set out in Tyro’s Privacy Policy:

  • direct marketing activities (excluding credit eligibility information);
  • performing reference checks (including personal references) and conducting background enquiries;
  • verifying any information provided by you to Tyro (including identification);
  • reporting payment defaults to CRBs; and
  • any other purpose necessary to process an application for services, facilities or any other arrangement with Tyro.

By agreeing to this Privacy Statement and Consent you consent to Tyro using your personal and credit information for the purposes set out above, including using your full name, address and date of birth (“DOB”) for the purposes of direct marketing activities. You may withdraw your consent to receive direct marketing communications from Tyro at any time by using the opt-out-option provided in each direct marketing communication or you may ask us at any time to include you on Tyro’s “No contact” list.

Exchange of personal and credit information

Tyro may disclose and/or collect your personal or credit information from the following entities, in addition to any entities set out in Tyro’s Privacy Policy:

  • CRBs;
  • banks or financial institutions;
  • referees provided to Tyro;
  • government bodies; and
  • other third parties.

By agreeing to this Privacy Statement and Consent you:

  • authorise each source (including a credit reporting body, bank or financial institution) to give Tyro any information about you which Tyro requires for your application; and
  • release Tyro and each source from liability for, and indemnify Tyro and each source against, all claims and losses arising out of disclosures made in the course of such inquiries.

Overseas disclosures

Tyro discloses personal information to overseas third parties located in the United States of America,  Singapore and China (each an “Overseas Recipient”) for the purposes of providing our products, product analytic services and services and products for storage of personal information to allow Tyro to conduct its direct marketing activities. Tyro has made reasonable investigations to ensure that these Overseas Recipients are reputable service providers.

Once disclosed to an Overseas Recipient, your personal information will be dealt with in accordance with that Overseas Recipient’s privacy policy. You should be aware that the Overseas Recipient may not be subject to any privacy obligations or other principles similar to the Privacy Act. However, Tyro has made reasonable endeavours to bind the Overseas Recipient to comply with the Privacy Act in relation to your personal information.

By agreeing to this Privacy Statement and Consent you:

  • consent to Tyro disclosing your personal information, such as full name, address and DOB to an Overseas Recipient for the purposes of providing our products, product analytic services and services and products for storage of personal information to Tyro to conduct its direct marketing activities;
  • you will not be able to seek redress under the Privacy Act if the Overseas Recipient handles the personal information disclosed to it in a way that breaches the Privacy Act; and
  • Tyro will not be accountable under the Privacy Act for any mishandling of the personal information, provided by Tyro, to the Overseas Recipient.

You may withdraw your consent to disclosures of your personal information by Tyro to the Overseas Recipients at any time by providing written notice to Tyro.

However, Tyro will not be able to provide its services/products to you.

Exchange of credit information with credit reporting bodies

In order to assess an application made by you, Tyro may obtain both consumer and commercial credit reporting information about you from a CRB in relation to any commercial credit which may be provided under that application.

Any consumer or commercial credit reporting information collected by Tyro may be disclosed to any of the entities set out above for the purposes of processing an application.

For the purposes of providing and managing commercial credit, Tyro may disclose your personal and credit information to CRBs for the purposes of undertaking a credit check in relation to an application made by you, for review purposes, for the purposes of assessing your eligibility for Tyro products or for the purposes of disclosing payment default information or a serious credit infringement in relation to commercial credit provided to you. We may disclose information to or collect information from the following CRBs whose privacy policy and contact details are at:

CreditorWatch –  www.creditorwatch.com.au
Equifax Australiawww.equifax.com.au or 13 8332
illion www.illion.com.au or 13 2333

This CRB may include any of your personal or credit information (including payment default information), disclosed to it by Tyro, in reports provided to other credit providers to assist other credit providers to assess your credit worthiness. You may access a copy of the CRB’s policy about its management of credit information on its website. You have the right to make a request to the CRB not to use or disclose your credit reporting information:

  • for the purposes of pre-screening of direct marketing by a credit provider; or
  • if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.

Tyro’s policy about the management of credit information is set out in Tyro’s Privacy Policy. In accordance with Tyro’s Privacy Policy, you may request to access or correct your credit information and to make a complaint to Tyro.

AML/CTF – verification of identification

Tyro has obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (“AML Act”) in relation to collecting personal information and verifying that information for the purpose of verifying the identity of its customers and the beneficial owners of its customers. Tyro may satisfy these verification obligations using the following methods:

  • document-based verification; or
  • electronic verification through the Document Verification Service (“DVS”) (which can be accessed through a third party gateway service provider).

For the purposes of verifying the identity of an individual using the above methods, Tyro may directly or through the use of a third-party agent disclose an individual’s name, residential address, DOB, driver licence number, passport number and/or Australian citizenship certificate number to a CRB or other third party gateway service provider (“service provider”). The information disclosed by Tyro will be matched with information held by the document issuer or official record holder, using third party systems, for the purpose of confirming the identity of the individual. The CRB or service provider will provide Tyro an assessment of whether the personal information disclosed by Tyro matches personal information available through the DVS in relation to that particular individual.

By agreeing to this Privacy Statement and Consent you, you agree to Tyro disclosing your personal information to a CRB or other service provider for the purpose of making a request for verification of your identification using the verification methods set out above. If you do not consent to your identification being verified using the above methods, there are alternative verification options available. Please contact Tyro directly to find out about these options.

For further information about the DVS please visit www.dvs.gov.au.

Personal information of EU individuals

Tyro generally relies on the following legal bases for processing the personal information of individuals that are located in the European Union (“EU individuals”):

  • where it is necessary for the purposes of our legitimate interests including in connection with legal claims, compliance, regulatory and audit functions, prevention of fraud and ensuring data and system security;
  • where it is necessary for us to comply with our legal obligations; or
  • such other legal bases as set out in Tyro’s Privacy Policy.

However, if as an EU individual, over the course of your relationship with us, you provide us with consent to process your personal information for a particular purpose that is not covered by the above legal bases, you may withdraw this consent for these purposes at any time by contacting Tyro’s Privacy Officer using the details set out in Tyro’s Privacy Policy.

Consent and acknowledgement

By consenting to the collection, use and disclosure of personal and credit information in accordance with this Privacy Statement & Consent and Tyro’s Privacy Policy you acknowledge and agree that: Where you have provided information about another individual, you declare that the individual has been made aware of the fact and the contents of this Privacy Statement & Consent and the Privacy Policy.

You release Tyro and each other entity referred to in this Privacy Statement & Consent or the Privacy Policy (“Indemnified Party”) from liability for, and indemnify Tyro and each Indemnified Party against, all claims and losses arising out of the disclosures or exchange of personal or credit information in accordance with this Privacy Statement & Consent or the Privacy Policy.