- DollarSmart has implemented practices, procedures and systems to ensure compliance with the PDPO and the Data Protection Principles and to deal with complaints and enquiries concerning your personal information.
- DollarSmart’s Regulatory and Compliance Officer (contact details in section 8 below) has overall responsibility for ensuring that DollarSmart and its employees, agents and subsidiaries comply with this Policy.
- If you are a client of DollarSmart, this Policy should be read in conjunction with DollarSmart's Customer Agreement.
2. Collection of personal data
- DollarSmart collects the following kinds of personal data:
1.1. your identity particulars, including your name, sex, address (and previous two addresses), date of birth, name of employer, passport number and drivers licence number;
1.2 details of services or products you acquire from DollarSmart or which you enquire about, together with any additional information necessary to deliver those services or products and respond to your enquiries;
1.3 information regarding transactions you conduct utilising DollarSmart’s services; any credit information that may be obtained in the course of obtaining the identity particulars described above;
1.4 personal data you provide to DollarSmart through DollarSmart’s support centre or in response to customer surveys;
1.5 any additional personal data you provide to DollarSmart online, by telephone, by email, by instant messaging or otherwise to DollarSmart representatives, or via your agents; and
1.6 where you are a client of DollarSmart, the contents of telephone conversations between you and DollarSmart representatives.
- DollarSmart is required to collect certain personal data under the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (Chapter 615), rules and other subordinate instruments (“AML/CTF Laws”).
- If DollarSmart does not collect your personal data, then DollarSmart may not be able to provide you with its services or products, or enter into contracts or undertake transactions with you.
- DollarSmart will collect your personal data only from you unless it is unreasonable or impracticable to do so.
- DollarSmart collects your personal data from you, or via your agents, in ways including the following:
5.1 through your access and use of the DollarSmart website;
5.2 during conversations between you and DollarSmart representatives;
5.3 when you complete an application, order form or a contract;
5.4 when you conduct transactions using DollarSmart’s services; and
5.5 when you send information in emails or correspondence to DollarSmart;
- DollarSmart will take reasonable steps to inform you if it collects personal data about you from someone else.
3. Purposes of collection, holding, use and disclosure of personal data
- DollarSmart collects, holds, uses and discloses your personal information for the following purposes:
1.1. to provide its services and products to you and undertake associated business processes and functions;
1.2 for administration, planning and account management;
1.3 where you are a client of DollarSmart, to identify you;
1.4 to monitor, develop and improve the quality of its services;
1.5 if you are registered with DollarSmart, to send you information that is relevant to the provision of its services;
1.6 to answer or process your enquiries or complaints, and provide information or advice;
1.7 to comply with any law, rule or regulation (for example, in Australia the AML/CTF Laws) or binding determination, or to cooperate with any governmental authority; and
1.8 any other purpose disclosed to you at the time DollarSmart collects your personal data.
- If DollarSmart sends you information that is relevant to the provision of DollarSmart’s services, and at any time you do not wish to receive that information, you may send DollarSmart an email opt-out and request that you not be included in any future mail-outs.
4. Disclosure of personal data
- DollarSmart may disclose your personal data as follows:
1.1. to DollarSmart’s contractors or service providers for the purposes of conducting its business and providing its services or products to you, including web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;
1.2 to DollarSmart’s intermediary banks in order to process certain transactions on your behalf, for example, by disclosing your name and address;
1.3 to any partners, agents or intermediaries who are a necessary part of the provision of DollarSmart’s products and services;
1.4 to international intermediaries to complete your transactions;
1.5 to any government regulatory bodies that normally require it or may request it;
1.6 in order for DollarSmart to satisfy its regulatory obligations under relevant AML/CFT Laws, for example in order to satisfy the obligation that DollarSmart take reasonable steps to verify the identity of its clients, DollarSmart may disclose your personal information to its external credit providers; and
1.7 as may be required under any other law.
- Any of the recipients referred to in paragraph 4.1 may be located overseas. The location of any such overseas recipient will depend on the country to which your transaction relates.
5. Information retention, quality and security
DollarSmart may hold personal data in electronic and/or hard copy format.
- Personal data shall be retained only for as long as may be needed for the fulfilment of the purpose(s) for which the information is collected, used or disclosed, or as required by the PDPO, any other law or a court/tribunal order. You should be aware that DollarSmart is obliged under relevant AML/CFT Laws to retain information relating to personal identity for 7 years.
- Subject to any legislative requirements, DollarSmart will destroy, erase, or make anonymous your personal information when it is no longer needed as referred to in paragraph 5.1.
- DollarSmart will take reasonable steps in the circumstances to ensure that your personal data is accurate, complete, and up-to-date, to minimise the possibility that inappropriate information may be used to make a decision about you.
- DollarSmart will not routinely update your personal data, unless such a process is necessary to fulfil the purposes for which the information is collected, used or disclosed. If you are a client of DollarSmart, in accordance with your Client Agreement, you must notify DollarSmart as soon as possible if any of the information you have provided to DollarSmart has changed.
- DollarSmart will take reasonable steps to maintain the security of your personal data. DollarSmart has in place a range of security safeguards to protect your personal data against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification, regardless of the format in which it is held.
- The methods of protection may depend on the sensitivity of the information and the format in which it is contained. Security measures employed by DollarSmart include: technological measures including SSL 512k bit encryption for all data transfers over the Internet; your data is stored securely in our database using 512kb encryption. physical measures such as locked filing cabinets and restricted access to offices; strategic measures such as security clearances and limiting access to a "need-to-know" basis; and DollarSmart ensures that its staff are aware of the importance of maintaining the confidentiality of personal information.
6. Access and correction
- You may request access to any personal data that DollarSmart holds about you at any time by contacting DollarSmart (contact details below). Where DollarSmart holds personal data that you are entitled to access, DollarSmart will within a reasonable period of your request (and always within 30 days of any such request) allow you access to that information. The requested information shall be provided or made available in the manner requested by you, if it is reasonable and practicable to do so, or otherwise in a suitable form such as by mailing or emailing it to you.
- You may point out to DollarSmart that any personal data held by DollarSmart is inaccurate, out of date, incomplete, irrelevant or misleading, and request correction of the information. DollarSmart will take appropriate action to amend the information as required, give you notice of any correction and, if requested take reasonable steps to, or if required by the PDPO, notify any third party to whom the information has been disclosed of the correction. If DollarSmart does not agree that there are grounds for amendment of your information then it will set out the reasons for its decision in writing and the mechanisms available to complain about the refusal, and upon request by you it will add a note to the personal data stating that you disagree with it.
- There may be circumstances which preclude DollarSmart from providing access to some or all of your personal data. For example, those circumstances could include:
- the information may impact on the privacy of other individuals;
- the information is commercially sensitive evaluative information;
- the information is subject to solicitor-client or litigation privilege;
- we have prohibited to providing it to you by any Australian Government Authorities (e.g for AML/CTF purposes.)
- DollarSmart is prohibited by law from providing you with access; or
- the disclosure could reasonably be expected to threaten the safety, physical or mental health or life of an individual.
4. If DollarSmart decides that it cannot grant you access to your personal data, or grant access in the manner requested by you, it will set out the reasons for its decision in writing and the mechanisms available to complain about the refusal.
Making a Complaint
- DollarSmart takes all complaints seriously, and will investigate all complaints.
- If you believe there has been a breach of the Data Protection Principles, or if you have any other concerns about DollarSmart’s handling of your personal data, please call us on +612 8073 0593 or email us at firstname.lastname@example.org. DollarSmart staff will be pleased to help and complaints can often be resolved at this early stage. If your concerns cannot be resolved at the first point of contact, the matter should be referred to DollarSmart’s Compliance Officer (contact details below). At this stage, DollarSmart will ask you to set out your complaint in writing providing as much detail as you can so that DollarSmart’s Compliance Officer can fully investigate your complaint. DollarSmart will then contact you with the results of its findings. You should allow up to thirty days from the time of your initial complaint, or such longer period as may be agreed to by you, to receive a response.
8. Contacting DollarSmart
If you have any questions or concerns about this Policy or the collection, use or handling of your personal information, you may contact the DollarSmart Compliance Officer at email@example.com or +612 8073 0593.
9. Office of the Australian Information Commissioner (OAIC)
OAIC is a government agency which oversees the Act and related legislation, and investigates complaints about handling of personal information under the Act. OAIC will in many cases only investigate cases once DollarSmart has been given the opportunity to resolve your complaint internally. You may lodge your complaint with OAIC by sending the necessary documents and information to:
Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
Facsimile: (02) 9284 9666
10. Availability and changes to this Policy
- This Policy is available on the AUDSmart website. DollarSmart may change this Policy from time to time. Any updated versions of this Policy will be posted on the website.
- You may request DollarSmart to provide a copy of the information in this Policy in an alternative form, such as in hard copy.