Privacy Policy
1. Introduction
This Privacy Policy applies to Pact Group Holdings Limited ACN 145 989 644 and all of its subsidiaries (collectively referred to as (“Pact”, “we” “us”) for the purposes of this Privacy Policy) At Pact your privacy is important to us. We are committed to protecting your privacy when managing your personal information.
We have policies and procedures to ensure that all personal information is handled carefully and securely in accordance with applicable privacy laws (in Australia, the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) (“Australian Privacy Act”), and in New Zealand, the Information Privacy Principles (“IPPs”) contained in the Privacy Act 2020 (“NZ Privacy Act”)).
The purpose of this Privacy Policy is to tell you:
- What kind of personal information we may gather about you;
- How we may use that information and the choices you have regarding our use of such information;
- Whether we disclose your personal information to anyone;
- How you may inquire, access and/or seek correction of your personal information and our access and correction handling procedure; and
- How you may alert us about an alleged breach of the APPs/IPPs and our complaint handling procedure.
2. Collection of information
The types of information that Pact collects from you will depend on the circumstances of collection and on the service that we are providing to you.
2.1 Personal information
The type of personal information collected will be directly related to the specified purpose it has been collected for. How much of your personal information that you choose to disclose to us is completely up to you. Generally, the only way we know something about you personally is if you provide it to us. However, failure to provide certain information may result in Pact being unable to provide you with the relevant product or service. We will make you aware of the purpose for which we collect the personal information and, where possible, the consequences of not providing it at the time of collection.
For example:
• If you request products or services from us, we may collect information such as your name and contact details (i.e. billing and/or postal address, phone/fax number(s) or email address), date of birth and/or credit card details.
• If you sign up to use a particular service such as our newsletter(s) and e-newsletters, mail outs (about product updates and developments, special events or promotions), loyalty or rewards program(s) or enter into a competition operated by us, we may collect information such as your date of birth and your interests and any other information required to provide that service to you (in addition to your name and contact details).
• If you participate in any surveys we, or a third party service provider acting on our behalf, may conduct from time to time on our website, personal information relating to your survey responses.
• If you make an inquiry, provide feedback or make a complaint to us, we may collect your name and contact details. Privacy Policy 2 of 10 2 Collection of information
• If you are applying for employment with us, we may collect any information that is relevant to such employment including: – Your name and contact details (i.e. residential address, phone number(s) and/or email address); and – Any other information relevant to the recruitment process (including any information contained in the application form and your resume). You acknowledge that the personal information we collect from you is your own information or information which you have been authorised to provide us.
2.2 Sensitive information
Pact does not generally collect sensitive information as defined under the Australian Privacy Act, such as racial or ethnicity information, political opinions or associations, criminal records or health information. However:
• Subject to obtaining your prior consent, we may collect sensitive information from you in the course of considering an application for employment;
• We collect COVID-19 survey information (including health information) in order to manage/prevent COVID-19 in the workplace. We may use or share your check-in details for contact tracing purposes or if required by law. Your personal info will only be shared with the relevant health or government authorities to help with an outbreak of the coronavirus (COVID-19) pandemic. If there is no outbreak at a site you have visited, we will delete your check-in details after 28 days. If we are required to provide your details to the relevant authorities, they can hold onto it for more than 28 days.
2.3 Unsolicited information
Where unsolicited information is received by us, we will determine, within a reasonable period of time, whether or not we would be permitted to collect the information under the APPs/IPPs. If it would not be permitted for us to collect the information, we will destroy the information or ensure it is de-identified as soon as practicable. Otherwise, we may retain the information in accordance with the terms of this policy.
2.4 Anonymous information
We may also collect information about visitors to our website(s). For example, we may collect:
• Statistical information about the number of visitors to the websites and the date, time and duration of visits;
• The name of the domain/URL from which you access our websites; and
• The internet protocol address. However, we do not collect information about the identity of the visitors unless they voluntarily provide that information.
3. Method of collection
This personal information will only be collected through lawful and fair means and not in an unreasonably intrusive way. Pact collects your personal information when you deal with us directly, including via our website(s), via forms or correspondence (i.e. by mail or email), over the phone or in person. We may also collect personal information through our related bodies corporate and our third party service providers (such as data relating to survey responses) so that we may provide a better or more relevant product or service to you.
4. Use of information
4.1 Use of personal information
We will use the personal information you have chosen to provide us for the purpose for which you provided it or a related secondary purpose which you would reasonably expect. We will not use it for any other purpose without your consent, unless permitted or required by law. Generally, we will use your personal information for the following purposes:
• Providing the products and/or services you have requested from Pact including for example: – to process sales transactions (whether in store or online); – to deliver the products or services to you; – to register you for a service requested by you, such as our newsletter(s) and e-newsletters, mail outs, rewards program(s) or competitions and administering such services; – to respond to any inquiries, feedback or complaints made by you;
• Direct marketing of products and services which we believe may interest you, including product updates and developments, special events or promotions;
• Assisting us to improve our products and services and making them more relevant to you;
• Assisting us to improve our website(s);
• Processing and assessing employment applications for current and future positions; and
• Otherwise managing our internal business operations and processes.
4.2 Direct Marketing
Pact will only use your personal information for the purpose of direct marketing activities where we have obtained your consent to do so, or in circumstances where we have collected the information directly from you and you would reasonably expect that your personal information would be used or disclosed for this purpose. We may also share your personal information with our related entities, so that they can provide you directly with marketing material about their products and services. Pact will provide you with the opportunity to “opt out” of receiving marketing materials at the time of collection and/or at any time afterwards by either unsubscribing from the email service or contacting our Privacy Officer via the contact details provided below.
4.3 Use of anonymous information
Pact gathers anonymous information to:
• Monitor the use of our website(s);
• Help us make improvements to the website(s); and
• Offer relevant information and services to as many users as possible.
5. Disclosure
There will be occasions where it will be necessary for Pact to disclose your personal information to third parties.
Pact may disclose your personal information to:
• Contractors and third party service providers on a confidential basis that we use in the ordinary course of our business to assist with the delivery of the product or service. This includes organisations such as marketing agencies, data processing companies, printing and mailing houses, delivery companies, or finance agencies or debt collection agencies;
• Other members of Pact’s corporate group for marketing purposes (subject to obtaining your prior consent, if necessary);
• Government authorities or other third parties as required by law, and relevant health or government authorities to help with an outbreak of the coronavirus (COVID-19) pandemic or other serious public health issues; or any other purpose that you have consented to.
6. Transfer of information outside Australia or New Zealand
Pact may transfer your personal information to our related entities and third party service providers based overseas. We may also transfer your personal information to service providers who will hold your information on a cloud computing system which may hold your data on servers located outside of Australia or New Zealand. However, where your personal information is disclosed to an overseas recipient or a cloud computing system, we will take adequate measures to ensure that your personal information is handled in accordance with, or to a comparable safeguard to, the APPs/IPPs, the Australian Privacy Act or NZ Privacy Act (as applicable) and our instructions in accordance with this Privacy Policy. By providing us with your personal information, you consent to your personal information being stored or sent overseas for the purposes set out in this Policy.
Other than as stated above, we do not disclose personal information that you may give us to any organisation or person outside of Pact unless you have authorised us to do so.
7. No sale of personal information
Under no circumstances will Pact sell or receive payment for licensing or disclosing your personal information.
8. Security
The security of your information is important to us. Pact operates secure data networks that are designed to protect your privacy and security. When we have collected information about you it cannot be seen or modified by anyone else. Pact has implemented generally acceptable standards of technology and operational security to ensure personal information (in both physical and electronic form) is protected against loss, misuse, interference and unauthorised access.
Only authorised Pact personnel and contractors are provided access to personal information and have agreed to ensure the confidentiality of this information. Reasonable steps are taken to destroy or permanently de-identify any personal information that is no longer required.
We review and update our security measures in light of current technologies. You should however be aware that the internet is not a secure environment and information sent via the internet (including email) cannot be guaranteed to be totally secure.
9. Data quality, access and correction
Under both Australian Privacy Act and the NZ Privacy Act you have certain rights of access to correct your personal information.
9.1 Access
If you have an online account with us to access one of our online services or products or loyalty programs, you may access your personal information at any time by accessing your subscriber/ account details via the relevant facility on our websites.
Otherwise, you may at any time, request access to personal information that Pact holds about you by making a request to our Privacy Officer at the address or email address below.
We will endeavour to process any requests for access to personal information within a reasonable period of time. Where possible, we will provide you with access to that information either by providing you with copies of the information requested, allowing you to inspect the information requested, or providing you with a summary of the information held. If we need to deny your request for access we will let you know why and inform you how you may lodge a complaint regarding this decision. Generally, this will only be in cases where providing access would be unlawful or is subject to a potential legal claim or proceeding. Pact may charge a nominal fee for supplying personal information.
9.2 Correction
We will try to ensure that all information we collect, use or disclose about you is accurate, complete, up-to-date and relevant to the service or products being provided.
If you have an online account with us to access one of our online services or products, you may change your personal information at any time by accessing your subscriber/account details via the relevant facility on our website(s).
Otherwise, if you discover or suspect that there is an error or information is missing, please forward your request for correction to our Privacy Officer in writing at the address or email address below. Our Privacy Officer will consider your request as soon as practicable, manage the correction of your personal information and will update you in writing. If your correction request is refused, our Privacy Officer will provide you within a reasonable period of time the reasons for such refusal and inform you of the complaint process (see below).
10. Complaints about privacy and our complaint handling procedure
If you have any complaints relating to the management of your personal information or if you believe there has been a breach of the APPs/IPPs by Pact, please forward your complaint in writing to our Privacy Officer at the address or email address below.
Our Privacy Officer will consider the complaint and advise you of their decision in writing within a reasonable time from receipt of the complaint.
If our Privacy Officer determines that there has been a breach of the APPs/IPPs or this Privacy Policy, s/he will endeavour to ensure that the breach is rectified as soon as practicable but within 30 days from the date of the decision and will update you in writing. If the breach has not been rectified within 30 days, then our Privacy Officer will inform Pact’s Managing Director in order to resolve the matter. If a breach is of such a nature that Pact is required under the Australian Privacy Act or NZ Privacy Act (as applicable) to notify you or the Office of the Australian Information Commissioner or New Zealand Privacy Commissioner (as applicable), Pact will provide this notice in accordance with the relevant Privacy Act.
If you are still not satisfied after lodging a complaint with us and given us a reasonable time to respond, then we suggest that you contact the applicable Commissioner as follows:
Australia: Office of the Australian Information Commissioner by:
Phone: 1300 363 992 (local call cost but calls from mobile and pay phones may incur higher charges). If calling from overseas (including Norfolk Island): +61 2 9284 9749
TTY: 1800 620 241 (this number is dedicated to the hearing impaired only, no voice calls.)
TIS: Translating and Interpreting Service: 131 450 (If you don’t speak English or English is your second language and you need assistance and ask for the Office of the Australian Information Commissioner)
Post: GPO Box 2999 Canberra ACT 2601 Fax: +61 2 9284 9666
Email: enquiries@oaic.gov.au
New Zealand: Office of the Privacy Commissioner by:
Phone: 0800 803 909
Post: PO Box 10 094, Wellington 6143
Email: enquiries@privacy.org.nz
11. Contact Privacy Officer
Please contact our Privacy Officer on the contact details below if you would like to:
• Enquire about or request access and/or update your personal information;
• Report an alleged breach of your privacy rights or make a complaint; or
• Talk to our Privacy Officer about our Privacy Policy.
Please contact:
Post: Privacy Officer, Pact Group Holdings Limited,
Level 5, Building 1, 658 Church Street, Cremorne VIC 3121
Telephone: 1800 826 972
Facsimile: +61 3 9815 8388
E-mail: general.counsel@pactgroup.com
12. Miscellaneous
“Personal information” has the same meaning as in the Australian Privacy Act or NZ Privacy Act, as applicable.
“Website(s)” refers to all websites which are owned, operated or under the control of Pact including www.pactgroup.com.
Pact reserves the right to modify or amend this Privacy Policy at any time. The effective date will be displayed at the beginning of the policy
13. Further information on privacy
For more information about your privacy rights in Australia, visit the Office of the Australian Commissioner’s website, www.oaic.gov.au
For more information about your privacy rights in New Zealand, visit the Office of the Privacy Commissioner’s website, www.privacy.org.nz
14. Credit Reporting Policy
Credit applications by businesses for our services
Pact provides ‘commercial credit’ for the purposes of the Australian Privacy Act or NZ Privacy Act, as applicable, to businesses who apply for credit in relation to our goods and services. We do not provide any consumer credit.
References to “you” and “your” in this credit reporting policy are references to individuals in relation to whom we hold credit information for the purposes of the Australian Privacy Act or NZ Privacy Act or New Zealand Credit Reporting Privacy Code 2020 (‘NZ Credit Reporting Privacy Code’) (as applicable), or credit eligibility information for the purposes of the Australian Privacy Act, in connection with such credit. This policy provides details about our management of such information.
15. How we collect and hold ‘credit information’ and ‘credit eligibility information’ about you
“Credit information” relates mainly to your credit-related dealings with us and comprises various types of information collected by credit reporting bodies (Australia) or credit reporters (New Zealand) (“CRBs”) that report on credit worthiness.
We may collect or generate various categories of ‘credit information’ about you. We may also collect “credit eligibility information” about you, which is mostly information provided by CRBs relating to your dealings with other credit providers (for example, financial institutions that provide you with loans or other businesses that provide you with credit in connection with their products or services).
“Credit information” and “credit eligibility information” may include:
• Identification information: such as your name, address, date of birth or employer;
• Credit liability information: being information about credit accounts you hold with other credit providers;
• Details about information requests made to CRBs: such as the fact that we or another credit provider have requested credit reporting information about you from a CRB to assess a credit application and various details about the credit you have applied for;
• Default information: being information about overdue payments owed by you in connection with credit which have been disclosed to a CRB by other credit providers;
• Payment information: being information that an overdue payment has been repaid;
• Information about credit-related serious credit infringements;
• New arrangement information: being information about certain credit-related arrangements you may have entered with another credit provider in connection with a credit default or serious credit infringement;
• Court proceedings information: being information about certain credit-related judgments;
• Personal insolvency information: being information recorded in the National Personal Insolvency Index (for Australia)_about bankruptcy or various other insolvency-related matters;
• Publicly available information about activities relating to credit worthiness; and
• Any other types of credit information described in the Australian Privacy Act or NZ Credit Reporting Privacy Code (as applicable).
Credit eligibility also includes credit worthiness information that we may derive from data we receive from a CRB, such as a credit risk score.
We may collect credit information about you in any of the circumstances described above under the heading “How we collect your personal information” above. We collect credit eligibility information from CRBs but may collect it from other third parties where permitted by the Australian Privacy Act or NZ Privacy Act or NZ Credit Reporting Privacy Code (as applicable) (such as from other credit providers with your consent).
We store and safeguard your credit information and credit eligibility information in the manner described in the Privacy Policy above.
16. How we use and when we disclose your credit information and credit eligibility information
We may disclose your credit information to CRBs. Those CRBs may then include that information in credit reporting information that they provide to other credit providers to assist them to assess your credit worthiness. For example, we may disclose to a CRB the type of commercial credit, and the amount of credit, sought in your application for credit with us. We may also use and disclose your credit information for other purposes and in other circumstances as described in the Privacy Policy above when permitted to do so by the Australian Privacy Act or NZ Privacy Act or NZ Credit Reporting Privacy Code (as applicable).
Our use and disclosure of credit eligibility information is regulated by provisions of Part IIIA of the Australian Privacy Act and the Australian Credit Reporting Privacy Code or the NZ Privacy Act or NZ Credit Reporting Privacy Code (as applicable). We will only use or disclose such information for purposes permitted by these provisions, such as:
• To process an application for credit with us in relation to our goods and services;
• To manage the commercial credit we provide and collect overdue payments; or
• Where a disclosure is required or authorised under an Australian or New Zealand law (as applicable) or a court/tribunal order.
17. Correction of and access to credit information and credit eligibility information
To request correction of, or access to, your credit eligibility information please see the heading “Correction and access” above.
18. Complaints regarding our compliance with credit reporting requirements
If at any time you would like to make a complaint about whether we have complied with Part IIIA of the Privacy Act or with the Australian Credit Reporting Privacy Code or the NZ Privacy Act or the NZ Credit Reporting Privacy Code (as applicable) please contact our Privacy Officer at the address or email in the “Contact Privacy Officer” section above, so that we may resolve your concerns.
If you make such a complaint, we will write to you as soon as possible acknowledging that we have received your complaint and setting out how we will deal with it. We will endeavour to investigate and resolve your complaint within a reasonable period of time. We may need to consult with a CRB or another credit provider to do so. If we need more than 30 days to resolve your complaint, we will advise you of the reasons for the delay and ask for your consent to extend this day period.
Document description Privacy Policy
Document applies to Pact Group Holdings Ltd
Document owner Company Secretary
Document approved / adopted by Board of Directors
Version number 1.2
Adoption date April 2021