- General
- This Privacy Policy and Collection Statement details Our commitment to protect You and Your customers’ Personal Information.
- We may collect, use, disclose, transfer or otherwise handle any Personal Information, and complies with the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”) and applicable Laws.
- Collection of Personal Information
- Information You Provide
- We collect Personal Information You provide to Us voluntarily, such as Your name, phone number, email address, home address, business address, business name, bank account, taxation information, driver’s licence and utility bills.
- We may collect Your Personal Information in the course of Your use of the Services, or:
- when You provide it to Us, or You offer or apply for use of our products or Services;
- when You provide it to Us in any way (including by completing a form, disclosing information over the phone or via email, or providing us a business card);
- during the application process for the use of Our products or Services;
- when You provide feedback to Us;
- when You visit or fill in a form on Our website;
- when You visit a premises from which We operate;
- when You otherwise contact Us by telephone, fax, email, social media, post or in person; or
- where We are otherwise required or authorised by Law to do so.
- Information that is Collected Automatically
- We collect some information about You automatically through cookies or similar technologies when you interact with Our website or Dashboard. This information may include but is not limited to the type of device You use, Your operating system and software version identifiers, Your IP address, Your browser type and the pages You view on Our website or Dashboard, and what interactions You have with the content.
- Information Obtained from Other Sources
- We may receive Your Personal Information from other sources, including third parties such as credit ratings agencies, identity verification agencies, banks and service partners that are authorised to provide such information. We also seek and receive information about You from social media platforms when You interact with Us on those platforms or when We are conducting fraud analysis.
- We may also collect Your Personal Information from other third parties, including but not limited to:
- Your nominated representative;
- Our share registry service provider; and
- other publicly available sources of information.
- Information Relating to Children and Minors
- We do not target or market intentionally to children under eighteen years of age. Visitors of all ages may interact with Our website, but no information is collected knowingly about those under the age of eighteen without parental consent. If Your Account has been registered by a child under eighteen years of age using false information, Your Account will be closed and any Personal Information collected will be erased from Our records.
- Our Obligations
- Without limiting Clause 1.3, We must:
- only use Personal Information to the extent necessary to perform Our own obligations in accordance with the Agreement;
- without limiting any of Our own obligations under the Agreement, take such steps as are reasonable in the circumstances to protect any Personal Information from:
- misuse, interference and loss; and
- unauthorised access, modification or disclosure;
- not do anything that adversely affects the accuracy, currency or completeness of any Personal Information;
- ensure that reasonable organisational steps including encryption, staff training and security measures are taken to protect Your Personal Information from misuse or intrusion;
- ensure that none of Our Personnel who have access to any Personal Information use, disclose, transfer or retain such Personal Information except to the extent necessary to perform their duties of engagement;
- notify You immediately if We become aware of any actual or potential misuse, interference, loss or unauthorised access, modification or disclosure of Personal Information, or if We become aware of a breach of this Clause;
- notify You as soon as reasonably practicable after We receive any:
- request concerning access to or correction of any Personal Information; or
- complaint about the handling of any Personal Information;
- comply with any reasonable requests or directions from You concerning:
- the storage, security, use and disclosure of any Personal Information;
- remedying or otherwise dealing with any event referred to in Clause 3.1(m)(vi); and
- the handling of any request or complaint referred to in Clause 3.1(m)(vi);
- notify You as soon as reasonably practicable after We become aware that a disclosure of any Personal Information may be required by Law;
- at any time at Your request, or on the termination or expiration of the Agreement for any reason:
- ensure that any Personal Information is de-identified, as defined in the Privacy Act, or destroyed except as required by Law; or
- otherwise deal with any Personal Information in accordance with Your reasonable directions;
- if We become aware that there are reasonable grounds to suspect that an Eligible Data Breach may have occurred in relation to any Personal Information collected, stored or processed by Us in the course of providing the Services:
- promptly provide written Notice to You specifying the nature and details of the suspected Eligible Data Breach, the kind of Personal Information potentially affected and recommendations for any actions to be taken by You in response to the breach;
- carry out a reasonable and prompt assessment of whether there are reasonable grounds to believe that the suspected Eligible Data Breach amounts to an actual Eligible Data Breach; and
- promptly discuss in good faith the results of the assessment with You, as well as the proposed preventative, remedial or other action to be taken by Us;
- if We become aware that there are reasonable grounds to believe that an Eligible Data Breach has occurred in relation to any Personal Information (whether after conducting an assessment of a suspected Eligible Data Breach in accordance with Clause 3.1(l)(ii) or otherwise):
- if as assessment pursuant to Clause 3.1(l)(ii) has not been conducted, prior to taking any other action in connection with the Eligible Data Breach, immediately provide written Notice to You of the nature and details of the Eligible Data Breach, the kinds of information concerned and recommendations for any actions to be taken by You and/or affected individuals in response to the breach;
- promptly discuss and negotiate in good faith with You which Party will be the Party responsible for fulfilling the relevant notification requirements under the Law in respect of the Eligible Data Breach, including notifications to the Office of the Australian Information Commissioner (“OAIC”) and the relevant affected individuals;
- where the Parties agree that We will be the Party responsible for fulfilling the relevant notification requirements, and We comply with all such requirements in accordance with the Privacy Act, You must provide any and all assistance as may be necessary;
- obtain Your approval prior to issuing any relevant notification statements to the OAIC and affected individuals in accordance with the Privacy Act. You must not unreasonably withhold Your approval where We are required by Law to issue a notification and You have not made a determination to fulfil the notification requirement Yourself;
- You must provide approval as soon as reasonably practicable to Us under Clause 3.1(m)(iv) above to enable Us to comply with Our notification requirements;
- promptly take appropriate remedial action to mitigate any loss or interference with privacy flowing from the Eligible Data Breach, prevent any further serious harm to affected individuals and protect the affected Personal Information from further misuse or breach; and
- without limiting the foregoing, cooperate with and provide reasonable assistance to You for the purpose of ensuring that You comply with the statutory obligations under the Privacy Act.
- Use and Disclosure of Your Personal Information
- Purpose for Collection of Personal Information
- Personal Information collected by Us in connection with the Services may be held and used by Us to assist in the administration of the Services. This may be to allow Us to:
- identify and communicate with You;
- enable Us to provide You with requested information;
- otherwise assist You by providing You with information and support;
- collect and process payments (either on behalf of You as part of Our Services, or for payments made to Us e.g. by You in consideration for Our Services);
- help Us to manage and enhance products or Services we provide to You; and
- personalise and customise Your experience on Our website.
- We may also use Your Personal Information to:
- help Us manage and respond to a general or specific shareholder enquiry;
- process share applications and services shareholders’ needs;
- provide facilities and services a shareholder may request;
- carry out appropriate administration in relation to Our shareholders and Our share registry, including to submit listing applications to, or respond to enquiries from, corporate regulators;
- conduct research for the purposes of improving existing products or Services or creating new products or Services;
- help us research the needs of Our customers to enable Us to market Our products and Services with a better understanding of their needs generally;
- analyse our shareholder base and for development and planning;
- protect You and Us from fraud;
- help us manage Our business operations;
- facilitate business support including maintenance, backup and audits;
- respond to any queries or complaints You may have; and
- comply with Our statutory and legal obligations.
- Personal Information collected by Us may be used for the purpose of direct marketing Our Services. Such direct marketing will only be directed towards entities We already provide Services to or their representatives, or any other person who expresses an interest in receiving Our Services. Direct marketing can be discontinued at any time by request from You.
- We may seek and obtain information from third parties including credit reporting agencies for the purpose of creating and maintaining a credit information file containing Personal Information about You. This may include a commercial or consumer credit report, bank reference, third party opinion, credit memorandum or other information as is reasonably necessary to assess and maintain Your credit position.
- As required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (“AML/CTF Act”), prior to providing the Services, we will collect and verify Your Personal Information to ensure its accuracy and validity.
- Disclosure of Personal Information
- After collecting Your Personal Information, to the extent permitted by the Law, we may disclose it to:
- Our Affiliates, agents, representatives and subcontractors;
- Your nominated representatives;
- any financial institution You have an account with;
- professional service providers and advisors who perform functions on our behalf, such as lawyers;
- Your and Our insurers;
- Government Bodies or other regulatory agencies as required by Law;
- debt collecting agencies;
- Financial Services Providers including but not limited to Mastercard, Eftpos, Visa or American Express;
- credit reporting bodies;
- document verification service providers, document issuers or official record holders via third party systems;
- to the extent permitted by Law, any entity reasonably necessary to allow Us to provide the Services;
- any entity You reasonably request Us to disclose Your Personal Information to; and
- any entity you consent to Us to disclosure Your Personal Information to.
- Automated Decision-Making and Artificial Intelligence
- We use computer programs and automated systems, including Artificial Intelligence (“AI”), to make or assist in making decisions about Your eligibility for Our Services and products.
- Personal Information that may be used in the operation of such computer programs and automated systems includes information you provide to Us at the time of applying to use Our Services, such as:
- Your name;
- Your telephone number;
- Your email address;
- Your home address;
- Your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
- Your business address;
- Your business name;
- Your bank account;
- Your bank account balance;
- Your bank account transaction details;
- Your direct debits and scheduled payments;
- Your saved payees;
- Your taxation information;
- Your driver’s licence details; and
- Your utility bills.
- The kinds of decisions made solely by the operation of such computer programs and automated systems includes:
- the initial assessment of Your business to determine whether or not it is classified as high-risk to Us and / or Our Affiliates or Financial Services Providers; and
- the initial determination as to whether Your business is eligible to receive Services from Us.
- Overseas Disclosure
- Some of Your Personal Information may be disclosed, transferred, stored, processed or used overseas by Us, or by third party service providers. This may happen if:
- Our offices or related entities are overseas;
- We outsource certain activities or Services overseas;
- Transactions, information, Services or products have an overseas connection; or
- Our computer systems including information technology services are located overseas.
- You consent to the collection, use, storage, and processing of Your Personal Information outside of Australia as set out in this Privacy Policy and Collection Statement.
- In particular, Your Personal Information may be disclosed to third parties in the United Kingdom, New Zealand and/or the United States and such other countries in which those parties or their, or Our, computer systems may be located from time to time, where it may be used for the purposes described in this Privacy Policy and Collection Statement.
- Notification of Changes to this Privacy Policy
- We reserve the right to update or alter this Privacy Policy and Collection Statement and You are encouraged to check on our website at www.fatzebra.com periodically for updates.
- Your Rights
- Accessing Your Personal Information
- You may at any time:
- request a copy of our Privacy Policy;
- request a copy of Your Personal Information held by Us;
- request We delete Your Personal Information held by Us;
- request We correct or amend any of Your Personal Information held by Us; and
- request that We do not send Your Personal Information to any other organisation for the purpose of direct marketing.
- any reasonable request made under Clause 6.1(a) must be complied with by Us, to the extent required by the Law, in a timely manner and must be responded to in a reasonable period.
- We may be unable to continue to provide the Services to You if we comply with a request made under Clause 6.1(a)(iii).
- Further Information and Contact
- You may contact Us at any time regarding this Privacy Policy and Collection Statement at the below contact details:
Fat Zebra Pty Ltd
Phone: 1300 281 640
Post: Level 2, 58-62 Kippax Street, Surry Hills NSW 2010
Email: notices@fatzebra.com
Website: www.fatzebra.com
- If You are not satisfied with your communication with Us in relation to this Privacy Policy and Collection Statement, you can refer Your complaint to:
Office of the Australian Information Commissioner
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
Website: www.oaic.gov.au
- Definitions
- Capitalised words used in this Privacy Policy and Collection Statement have the following meaning:
- Account means any account You create with Us in connection with the Services;
- Affiliates means an entity that is directly or indirectly controlled by a Party or under common control with a Party; for the purposes of this definition, “control” means:
- the beneficial ownership of more than 50% of the issued shares of the Party; or
- the capacity to determine the outcome of decisions about the Party’s financial and operating policies in accordance with section 50AA of the Corporations Act 2001 (Cth).
- Agreement means the Fat Zebra Master Agreement or any sub-agreements as available on Our website and amended from time to time;
- Dashboard means Our dashboard that allows You to manage Your Account, connect with other service providers, and enable additional features;
- Eligible Data Breach has the meaning given to that term in the Privacy Act;
- Financial Services Providers means an entity that offers financial products, advice and services including banking, payment services, card services and payment schemes;
- Government Body / Government Bodies means:
- any national, supranational, federal, state, local or other governmental authority or regulatory body operating in Australia; and
- any government or any governmental, semi‑governmental, administrative, fiscal, judicial or quasi-judicial body, department, commission, authority, tribunal, agency or entity operating in Australia.
- Law/s means:
- Legislation, meaning any national, supranational, federal, state and local laws, statutes, directives, regulations, rules, codes or ordinances enacted, adopted, issued or promulgated by any court or Government Body or common law or any consent decree or settlement Agreement entered into with any Government Body, including the Privacy Act and any other applicable privacy legislation or rules in any jurisdiction; and
- Regulations, meaning the by-laws, rules, operating regulations and any other instructions issued by the Payment Systems, as the same may be amended or varied from time to time;
- Network/s means a system that facilitates the electronic transfer of funds between parties, such as consumers, businesses and financial institutions through various payment methods including credit cards, debit cards, bank transfers and digital wallets.
- Notice means written notices that may be delivered to a Party by hand, registered post or electronically by the Dashboard, where applicable, or email to that Party’s nominated address or to an alternate address as notified to the Party giving the Notice;
- Our, Us or We means Fat Zebra Pty Ltd ACN 154 014 785;
- Party means, where applicable, an entity bound by the Agreement, or alternatively, an entity whose Personal Information is collected, used, disclosed, transferred or otherwise handled by Us;
- Payment Systems means the international and domestic schemes and Networks governing card payments;
- Personal Information has the meaning given to that term in the Privacy Act;
- Personnel means any director, officer, employee, agent, contractor or subcontractor of a Party or its Affiliates;
- Services means the services offered by Us as described in the exhibits to the Agreement;
- Transactions means financial and non-financial payment transactions including but not limited to purchases, authorisations, pre-authorisations, declines, voids, refunds or captures; or events including but not limited to network tokenization, updates or authentication; and
- You or Your means an entity whose Personal Information is collected, used, disclosed, transferred or otherwise handled by Us.