Privacy Statement & Consent
Tyro Payments Limited ABN 49 103 575 042 (“Tyro”, “we”, “us”) is an APP entity and credit provider for the purposes of the Privacy Act 1988 (Cth) (“Privacy Act”). Tyro also has obligations under the European Union General Data Protection Regulation (“GDPR”) in relation to some personal information it collects.
- purposes for which Tyro collects your personal or credit information;
- consequences if you don’t provide your personal or credit information to Tyro;
- third parties which Tyro discloses your personal or credit information;
- how to access and seek correction of your personal or credit information;
- how to complain about a breach of Tyro’s obligations in respect of your personal or credit information and how Tyro will deal with a complaint;
- whether your personal or credit information is likely to be disclosed by Tyro to overseas entities and in which countries these entities reside;
- information about credit reporting, including the credit reporting bodies (“CRBs”) to which Tyro may disclose your personal or credit information; and
- matters associated with credit reporting that must be notified to you in accordance with the Privacy Act.
- the legal basis for Tyro’s processing of your personal information (including any legitimate interests for which processing is necessary);
- the appropriate safeguards Tyro has implemented in relation to the third countries to which we may transfer your personal information;
- the criteria Tyro uses to determine the period for which your personal information will be retained by Tyro;
- your rights to request access, rectification, data portability or erasure of your personal information or to request us to restrict processing of your personal information;
- your right to object to Tyro processing your personal information;
- your right to lodge a complaint with a supervisory authority;
- information about any automated decision-making used by Tyro, and
- the details of any EU representative appointed by Tyro.
Purposes of collection of personal and credit information
- direct marketing activities (excluding credit eligibility information);
- performing reference checks (including personal references) and conducting background enquiries;
- verifying any information provided by you to Tyro (including identification);
- reporting payment defaults to CRBs; and
- any other purpose necessary to process an application for services, facilities or any other arrangement with Tyro.
By agreeing to this Privacy Statement and Consent you consent to Tyro using your personal and credit information for the purposes set out above, including using your full name, address and date of birth (“DOB”) for the purposes of direct marketing activities. You may withdraw your consent to receive direct marketing communications from Tyro at any time by using the opt-out-option provided in each direct marketing communication or you may ask us at any time to include you on Tyro’s “No contact” list.
Exchange of personal and credit information
- CRBs, such as Equifax (see below);
- banks or financial institutions;
- referees provided to Tyro;
- government bodies; and
- other third parties.
By agreeing to this Privacy Statement and Consent you:
- authorise each source (including a credit reporting body, bank or financial institution) to give Tyro any information about you which Tyro requires for your application; and
- release Tyro and each source from liability for, and indemnify Tyro and each source against, all claims and losses arising out of disclosures made in the course of such inquiries.
Tyro discloses personal information to overseas third parties located in the United States of America, Singapore and China (each an “Overseas Recipient”) for the purposes of providing our products, product analytic services and services and products for storage of personal information to allow Tyro to conduct its direct marketing activities. Tyro has made reasonable investigations to ensure that these Overseas Recipients are reputable service providers.
By agreeing to this Privacy Statement and Consent you:
- consent to Tyro disclosing your personal information, such as full name, address and DOB to an Overseas Recipient for the purposes of providing our products, product analytic services and services and products for storage of personal information to Tyro to conduct its direct marketing activities;
- you will not be able to seek redress under the Privacy Act if the Overseas Recipient handles the personal information disclosed to it in a way that breaches the Privacy Act; and
- Tyro will not be accountable under the Privacy Act for any mishandling of the personal information, provided by Tyro, to the Overseas Recipient.
You may withdraw your consent to disclosures of your personal information by Tyro to the Overseas Recipients at any time by providing written notice to Tyro.
However, Tyro will not be able to provide its services/products to you.
Exchange of credit information with credit reporting bodies
In order to assess an application made by you, Tyro may obtain both consumer and commercial credit reporting information about you from a CRB in relation to any consumer or commercial credit which may be provided under that application.
Any consumer or commercial credit reporting information collected by Tyro may be disclosed to any of the entities set out above for the purposes of processing an application.
Equifax Australia – www.equifax.com.au or 13 8332
illion – www.illion.com.au or 13 2333
This CRB may include any of your personal or credit information (including payment default information), disclosed to it by Tyro, in reports provided to other credit providers to assist other credit providers to assess your credit worthiness. You may access a copy of the CRB’s policy about its management of credit information on its website. You have the right to make a request to the CRB not to use or disclose your credit reporting information:
- for the purposes of pre-screening of direct marketing by a credit provider; or
- if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.
AML/CTF – verification of identification
Tyro has obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (“AML Act”) in relation to collecting personal information and verifying that information for the purpose of verifying the identity of its customers and the beneficial owners of its customers. Tyro may satisfy these verification obligations using the following methods:
- document-based verification; or
- electronic verification through the Document Verification Service (“DVS”) (which can be accessed through a third party gateway service provider).
For the purposes of verifying the identity of an individual using the above methods, Tyro may disclose an individual’s name, residential address, DOB, driver licence number, passport number and/or Australian citizenship certificate number to a CRB or other third party gateway service provider (“service provider”). The information disclosed by Tyro will be matched with information held by the document issuer or official record holder, using third party systems, for the purpose of confirming the identity of the individual. The CRB or service provider will provide Tyro an assessment of whether the personal information disclosed by Tyro matches personal information available through the DVS in relation to that particular individual.
By agreeing to this Privacy Statement and Consent you, you agree to Tyro disclosing your personal information to a CRB or other service provider for the purpose of making a request for verification of your identification using the verification methods set out above. If you do not consent to your identification being verified using the above methods, there are alternative verification options available. Please contact Tyro directly to find out about these options.
For further information about the DVS please visit www.dvs.gov.au.
Personal information of EU individuals
Tyro generally relies on the following legal bases for processing the personal information of individuals that are located in the European Union (“EU individuals”):
- where it is necessary for the purposes of our legitimate interests including in connection with legal claims, compliance, regulatory and audit functions, prevention of fraud and ensuring data and system security;
- where it is necessary for us to comply with our legal obligations; or
Consent and acknowledgement