Policy updated 17 July 2020
Laybuy Australia Pty Ltd ACN 640 349 971 at WeWork, Level 3 100 Harris Street, Pyrmont NSW 2009 and its related bodies corporate ("we", "us", "our") is committed to respecting your privacy and protecting your personal information. We will always collect, store, use and disclose your Personal Information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (together the "Privacy Act") as well as the Credit Reporting Privacy Code.
- information offered on, and provided by our Website ("Website");
- information and services offered on, and provided by signing up for a User Account on our Website ("User Account");
- social media pages, including Facebook, Twitter, Youtube and Instagram; and
- email communications and subscription services.
“credit-related information” means credit information which includes your identity and credit score.
“sensitive information” includes information relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or health. Sensitive information will only be collected about you with your consent.
- How do we collect personal information
- What personal information do we collect and why
- How is your personal information used
- What circumstances might we disclose your personal information
- Credit-related information
- Storing and retaining personal information
- Data breaches
- Links to other Websites
- Direct marketing and cookies
- How you can request access or correct your personal information
- Customers located in the European Union
- Disclosure overseas
- Queries and complaints
1. How do we collect personal information
2. What personal information do we collect and why
The personal information we collect about you may include your:
- mailing or residential address details;
- contact details such as telephone numbers, email address, social media platform user name;
- government issued identifiers such as tax file number or driver’s license number;
- bank account and credit card details;
- employment details (for example, current and previous employment details)
- credit history, credit capacity, repayment history and your ability to be provided with credit or credit worthiness;
- photograph, video or audio recording; and
- sensitive information such as information relating to your biometric data.
When you visit our Website or use our mobile applications, we may collect information about your location or activity, including internet service provider address, telephone number and whether you have accessed third party sites, the date and time of visits, the pages that are viewed, information about the device used and other user location information. We collect some of this information using cookies (see direct marketing and cookies section).
We collect your personal information (including credit information and credit eligibility information) so that we can consider any application for credit, establish and administer the products you hold with us, provide services to you or to comply with the law, such as the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
If we do not collect this information, we will be unable to provide you with our products or services.
3. How is your personal information used
We only collect, hold and handle personal information about you that is necessary for us to perform the Online Services you request from us that is otherwise reasonably necessary for our business activities or if required for us to comply with our legal and regulatory obligations.
We may use personal information we collect about you for a number of purposes including:
- provide (or assess whether to provide) you with a User Account
- processing transactions for the delivery of third party goods or services available through our Website;
- customer support;
- process transactions and send notices about your transactions;
- financial institutions that we may partner with to jointly create and offer a product;
- obtaining from credit reporting bodies and credit reporting agencies who provide us with your credit score for us to assess your creditworthiness;
- debt collection agencies who provide us with debt collection and recovery services;
- the merchant(s) where the purchase was made for the purpose of processing refunds and account reconciliation;
- direct marketing; and
- investigate and prevent potentially prohibited or illegal activities.
We may (and may authorise third parties to) use your personal information to process your transactions and to help us develop, improve, manage, administer and facilitate our services and operations - including to provide the Online Services, to help us to develop our Online Services to be more available and user friendly to our customers, to administer your User Account, for safety and security issues, for our own internal purposes (such as risk management, staff training and billing), to conduct market research, for any purpose permitted by law, and for any other use associated with such purposes or which you may authorise.
4. In what circumstances might we disclose your personal information
We do not sell, trade, or rent your personal information. However, we may use other companies to perform services on our behalf. In particular, we may use other companies to run a credit and identity check on you when you sign up for a User Account. In addition, we may provide statistics about our customers, sales, traffic patterns and related site functions to reputable third parties.
We will not otherwise disclose your personal information or credit-related information unless we believe on reasonable grounds that you have provided your authorisation. However, you should be aware that we may be required to disclose your personal information without your consent in order to comply with any court orders, subpoenas or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your personal information or credit-related information.
5. Credit-related information
Credit-related information is comprised of:
Credit information, which includes information about an individual's identity, credit liability, type and amount of consumer or commercial credit previously applied for, repayment history, overdue payments, serious credit infringements, credit arrangements, court judgments and publicly available information about the individual's solvency or credit worthiness; and
Credit eligibility information, which includes the information we might derive from a consumer credit report, such as information which assists us to assess your suitability for credit, your credit history with other credit provided and the likelihood of you being able to meet your commitments to us.
We may exchange your credit-related information (including consumer credit reports) with credit reporting bodies (CRBs). However, we will only do this in relation to your credit application and the ongoing management of our credit relationship with you.
We disclose personal information to credit reporting bodies to obtain a credit report, and we may also disclose personal information to credit reporting bodies in the course of enforcing any credit agreement.
The CRB we use Experian Australia Credit Services Pty Ltd, whose website is www.experian.com.au and contact details are email@example.com or by post at Consumer Support Team, GPO Box 1969 North Sydney NSW 2060.
CRBs can use your credit information in reports provided to credit providers (such as us) to assist such providers to assess your credit-worthiness. You have the right to request a credit reporting body not use or disclose credit reporting information about you, if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud. Under law, CRBs can use information they collect to screen people before credit providers make offers to them. You can contact the credit reporting body if you do not want your credit information to be used for 'pre-screening assessments'.
6. Storing and retaining personal information
We are committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorised access, modification, or disclosure. We use industry standard (or better) administrative, physical and technical protections to safeguard the security, privacy, confidentiality and integrity of your personal information.
Personal information is only accessible to our employees or to authorised third party providers with incidental access to supply their services to us.
We do not retain any of your information longer than is required for the business relationship with you or for legal purposes. When we are informed, we will keep the personal information we hold accurate, complete, and up to date.
7. Data breaches
The Privacy Act 1988 (Cth) requires us to notify affected individuals and the Australian Information Commissioner about ‘eligible data breaches’. An eligible data breach occurs when the following criteria are met:
there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);
the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates; and
we are unable to prevent the likely risk of serious harm with remedial action.
If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach to determine whether the breach is an ‘eligible data breach’ that requires us to notify the affected individuals. This is to ensure that you are notified if your personal information is involved in a data breach that is likely to result in serious harm. Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.
8. Links to other Websites
9. Direct marketing and cookies
We may use your personal information to promote and market our products and services, or the products and services of others. We may contact you by phone, email or SMS.
We are committed to full compliance with the Spam Act 2003 (Cth). By subscribing to emails and/or text communications, or otherwise providing your email address and/or mobile number, you consent to receiving emails and/or texts (as the case may be) which promote and market our products and services, or the products and services of others, from time to time.
You can unsubscribe from our email communications and/or text communications at any time by clicking the "Unsubscribe" link in any promotional or marketing email or text received or by emailing firstname.lastname@example.org.
Once you have unsubscribed from the email or text communications, you will be removed from the corresponding marketing list as soon as is reasonably practicable.
10. How you can request access or correct your personal information
Subject to any exceptions in the Privacy Act, you may request access to the personal information we hold about you, or request that we update or correct any personal information we hold about you, by setting out your request in writing and sending it to us at email@example.com.
We will review your request and respond to your request as soon as reasonably practicable but not later than 30 days from the date of your request. If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.
Please note, however, that we may refuse requests in certain circumstances, for example if giving access would be unlawful or giving access would have an unreasonable impact on the privacy of other individuals. If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
We will only keep your personal information for as long as we require it for the purpose for which it was collected. However, we may also be required to keep some of your personal information for specified periods of time, for example under certain laws relating to companies, money laundering and financial reporting legislation.
11. Customers located in the European Union
From 25 May 2018, the General Data Protection Regulation (GDPR) regulates the processing of personal information under European Union (EU) law. The GDPR aims to protect the information relating to individuals in the EU and harmonise data protection laws across EU member states.
Our collection, use, disclosure and processing of your personal information is regulated by the GDPR if:
- you interact with Laybuy UK;
- we offer our products or services to you whilst you are in the EU; or
- we monitor your behaviour whilst you are in the EU.
12. Disclosure overseas
13. Queries and complaints
If you have any queries or complaints about our collection, use or storage of your personal information or your credit-related information (including a complaint relating to any failure by us to comply with our obligations under the credit reporting provisions of the Privacy Act 1988 (Cth) or under the Credit Reporting Privacy Code), or if you wish to exercise any of your rights in relation to your personal information, please contact firstname.lastname@example.org. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner: Office of the Australian Information Commissioner GPO Box 5218, Sydney NSW 2001 Telephone: 1300 363 992 Email: email@example.com