Policy updated 17 July 2020

Laybuy Australia Pty Ltd ACN 640 349 971 at WeWork, Level 3 100 Harris Street, Pyrmont NSW 2009 and its related bodies corporate ("we", "us", "our") is committed to respecting your privacy and protecting your personal information. We will always collect, store, use and disclose your Personal Information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (together the "Privacy Act") as well as the Credit Reporting Privacy Code.

This privacy policy applies when you use our "Online Services", such as:

  • information offered on, and provided by our Website ("Website");
  • information and services offered on, and provided by signing up for a User Account on our Website ("User Account");
  • social media pages, including Facebook, Twitter, Youtube and Instagram; and
  • email communications and subscription services.

In this privacy policy, "Personal Information" includes any information, about an identified individual or an individual who can be reasonably identified from that information. The information will still be personal information whether it is true or not and regardless of whether we have kept a record of it. Personal information does not include information that has been made anonymous and cannot reasonably identify a specific person.

“credit-related information” means credit information which includes your identity and credit score.

“sensitive information” includes information relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or health. Sensitive information will only be collected about you with your consent.

About this Privacy Policy

Please read this privacy policy carefully to understand how we manage your personal information including your credit-related information. By engaging with us in the ways set out in this privacy policy, you confirm that you have read and understood the entirety of this privacy policy, as it applies to you.

Changes to this Privacy Policy

We may modify, amend, change or replace any of the terms, conditions or provisions of this privacy policy from time to time, and we will notify you of any material changes by posting a notice with the updated version on our website, or via email if you have a User Account with us. The updated version will be effective from the time we post it on our Website. It is your responsibility to check this privacy policy periodically for changes.

Your continued use of our Online Services following notification of any changes to this privacy policy constitutes acceptance of those changes. If you do not agree with any aspect of the updated privacy policy, you must immediately cease all use of our Online Services.

The privacy policy can be downloaded free of charge from the Laybuy Australia Website here.

The privacy policy covers the following sections:

  1. How do we collect personal information
  2. What personal information do we collect and why
  3. How is your personal information used
  4. What circumstances might we disclose your personal information
  5. Credit-related information
  6. Storing and retaining personal information
  7. Data breaches
  8. Links to other Websites
  9. Direct marketing and cookies
  10. How you can request access or correct your personal information
  11. Customers located in the European Union
  12. Disclosure overseas
  13. Queries and complaints

1. How do we collect personal information

Depending on which one of our Online Services you use, we may collect personal information (including credit-related and sensitive information) about you directly. We may also receive information about you from third parties such as marketing agencies, credit reference agencies, market research companies, our suppliers, group companies, public websites and public agencies, which we refer to as “third party/ies” or “suppliers” throughout this privacy policy.

2. What personal information do we collect and why

The personal information we collect about you may include your:

  • name;
  • mailing or residential address details;
  • contact details such as telephone numbers, email address, social media platform user name;
  • government issued identifiers such as tax file number or driver’s license number;
  • bank account and credit card details;
  • employment details (for example, current and previous employment details)
  • credit history, credit capacity, repayment history and your ability to be provided with credit or credit worthiness;
  • photograph, video or audio recording; and
  • sensitive information such as information relating to your biometric data.

When you visit our Website or use our mobile applications, we may collect information about your location or activity, including internet service provider address, telephone number and whether you have accessed third party sites, the date and time of visits, the pages that are viewed, information about the device used and other user location information. We collect some of this information using cookies (see direct marketing and cookies section).

We collect your personal information (including credit information and credit eligibility information) so that we can consider any application for credit, establish and administer the products you hold with us, provide services to you or to comply with the law, such as the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

If we do not collect this information, we will be unable to provide you with our products or services.

3. How is your personal information used

We only collect, hold and handle personal information about you that is necessary for us to perform the Online Services you request from us that is otherwise reasonably necessary for our business activities or if required for us to comply with our legal and regulatory obligations.

We may use personal information we collect about you for a number of purposes including:

  • provide (or assess whether to provide) you with a User Account
  • processing transactions for the delivery of third party goods or services available through our Website;
  • customer support;
  • process transactions and send notices about your transactions;
  • financial institutions that we may partner with to jointly create and offer a product;
  • obtaining from credit reporting bodies and credit reporting agencies who provide us with your credit score for us to assess your creditworthiness;
  • debt collection agencies who provide us with debt collection and recovery services;
  • the merchant(s) where the purchase was made for the purpose of processing refunds and account reconciliation;
  • direct marketing; and
  • investigate and prevent potentially prohibited or illegal activities.

We will ensure that any third parties with who we share your personal information are subject to privacy and security obligations consistent with this privacy policy.

We may (and may authorise third parties to) use your personal information to process your transactions and to help us develop, improve, manage, administer and facilitate our services and operations - including to provide the Online Services, to help us to develop our Online Services to be more available and user friendly to our customers, to administer your User Account, for safety and security issues, for our own internal purposes (such as risk management, staff training and billing), to conduct market research, for any purpose permitted by law, and for any other use associated with such purposes or which you may authorise.

Application information for Android devices: We collect application information installed on your device to help us detect any risky applications or potential fraud. If we detect suspicious activity on your applications, we may take steps to fix this through our app. This helps protect both you and us from financial crime.

4. In what circumstances might we disclose your personal information

We do not sell, trade, or rent your personal information. However, we may use other companies to perform services on our behalf. In particular, we may use other companies to run a credit and identity check on you when you sign up for a User Account. In addition, we may provide statistics about our customers, sales, traffic patterns and related site functions to reputable third parties.

We will not otherwise disclose your personal information or credit-related information unless we believe on reasonable grounds that you have provided your authorisation. However, you should be aware that we may be required to disclose your personal information without your consent in order to comply with any court orders, subpoenas or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your personal information or credit-related information.

5. Credit-related information

Credit-related information is comprised of:

  • Credit information, which includes information about an individual's identity, credit liability, type and amount of consumer or commercial credit previously applied for, repayment history, overdue payments, serious credit infringements, credit arrangements, court judgments and publicly available information about the individual's solvency or credit worthiness; and

  • Credit eligibility information, which includes the information we might derive from a consumer credit report, such as information which assists us to assess your suitability for credit, your credit history with other credit provided and the likelihood of you being able to meet your commitments to us.

We may exchange your credit-related information (including consumer credit reports) with credit reporting bodies (CRBs). However, we will only do this in relation to your credit application and the ongoing management of our credit relationship with you.

We disclose personal information to credit reporting bodies to obtain a credit report, and we may also disclose personal information to credit reporting bodies in the course of enforcing any credit agreement.

The CRB we use Experian Australia Credit Services Pty Ltd, whose website is www.experian.com.au and contact details are creditreport@au.experian.com or by post at Consumer Support Team, GPO Box 1969 North Sydney NSW 2060.

CRBs can use your credit information in reports provided to credit providers (such as us) to assist such providers to assess your credit-worthiness. You have the right to request a credit reporting body not use or disclose credit reporting information about you, if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud. Under law, CRBs can use information they collect to screen people before credit providers make offers to them. You can contact the credit reporting body if you do not want your credit information to be used for 'pre-screening assessments'.

Contact a CRB or check its privacy policy for more information about the above rights. The privacy policy of the credit reporting body will also govern the body's use, collection, disclosure and management of your personal information (including credit information).

6. Storing and retaining personal information

We are committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorised access, modification, or disclosure. We use industry standard (or better) administrative, physical and technical protections to safeguard the security, privacy, confidentiality and integrity of your personal information.

Personal information is only accessible to our employees or to authorised third party providers with incidental access to supply their services to us.

We do not retain any of your information longer than is required for the business relationship with you or for legal purposes. When we are informed, we will keep the personal information we hold accurate, complete, and up to date.

7. Data breaches

The Privacy Act 1988 (Cth) requires us to notify affected individuals and the Australian Information Commissioner about ‘eligible data breaches’. An eligible data breach occurs when the following criteria are met:

  • there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);

  • the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates; and

  • we are unable to prevent the likely risk of serious harm with remedial action.

If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach to determine whether the breach is an ‘eligible data breach’ that requires us to notify the affected individuals. This is to ensure that you are notified if your personal information is involved in a data breach that is likely to result in serious harm. Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.

8. Links to other Websites

Our Online Services may contain links to other Websites that are not under our control. These Websites may use cookies. It is the responsibility of those third parties to collect appropriate consents from you in order to permit their own cookies (to the extent this is required by law) and to inform you about the cookies they use. You should check the privacy policy on all third party Websites to ensure you are comfortable with third party cookies.

We have no responsibility for linked Websites and provide them solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations, or warranties about their accuracy, content, or thoroughness. Your disclosure of personal information to third party Websites is at your own risk.

9. Direct marketing and cookies

We may use your personal information to promote and market our products and services, or the products and services of others. We may contact you by phone, email or SMS.

We are committed to full compliance with the Spam Act 2003 (Cth). By subscribing to emails and/or text communications, or otherwise providing your email address and/or mobile number, you consent to receiving emails and/or texts (as the case may be) which promote and market our products and services, or the products and services of others, from time to time.

You can unsubscribe from our email communications and/or text communications at any time by clicking the "Unsubscribe" link in any promotional or marketing email or text received or by emailing help@laybuy.com.

Once you have unsubscribed from the email or text communications, you will be removed from the corresponding marketing list as soon as is reasonably practicable.

We may collect aggregated information by using cookies. Cookies are unique identification numbers like tags that are placed on the browser of internet users. The cookies do not in themselves identify users personally but may link back to a database record about them. Where we use cookies on our Website or other Online Services, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Website or to use all the functionality provided through our Online Services.

10. How you can request access or correct your personal information

Subject to any exceptions in the Privacy Act, you may request access to the personal information we hold about you, or request that we update or correct any personal information we hold about you, by setting out your request in writing and sending it to us at help@laybuy.com.

We will review your request and respond to your request as soon as reasonably practicable but not later than 30 days from the date of your request. If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.

Please note, however, that we may refuse requests in certain circumstances, for example if giving access would be unlawful or giving access would have an unreasonable impact on the privacy of other individuals. If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.

We will only keep your personal information for as long as we require it for the purpose for which it was collected. However, we may also be required to keep some of your personal information for specified periods of time, for example under certain laws relating to companies, money laundering and financial reporting legislation.

11. Customers located in the European Union

From 25 May 2018, the General Data Protection Regulation (GDPR) regulates the processing of personal information under European Union (EU) law. The GDPR aims to protect the information relating to individuals in the EU and harmonise data protection laws across EU member states.

Our collection, use, disclosure and processing of your personal information is regulated by the GDPR if:

  • you interact with Laybuy UK;
  • we offer our products or services to you whilst you are in the EU; or
  • we monitor your behaviour whilst you are in the EU.

A copy of Laybuy UK privacy policy can be located here.

12. Disclosure overseas

We communicate with our related companies in New Zealand and the United Kingdom from time to time. Therefore, some disclosures may occur outside Australia. Our related company in New Zealand will use your personal information in accordance with their privacy policy which can be viewed here.

13. Queries and complaints

If you have any queries or complaints about our collection, use or storage of your personal information or your credit-related information (including a complaint relating to any failure by us to comply with our obligations under the credit reporting provisions of the Privacy Act 1988 (Cth) or under the Credit Reporting Privacy Code), or if you wish to exercise any of your rights in relation to your personal information, please contact help@laybuy.com. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.

If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner: Office of the Australian Information Commissioner GPO Box 5218, Sydney NSW 2001 Telephone: 1300 363 992 Email: enquiries@oaic.gov.au