This Policy also serves as notification to individuals of the matters required to be notified by the Australian Privacy Principles.
By providing personal information to the Company and having access to this Policy, either directly or through a business partner or service provider, an individual consents to the Company collecting, holding, using and disclosing personal information in accordance with this Policy.
2. THE PERSONAL INFORMATION COLLECTED BY THE COMPANY
Personal information collected by the Company includes:
Names, gender; phone and fax numbers; home and postal addresses; e-mail addresses; date of birth; banking details (including card and/or bank account details); merchant details; payment details, Company partner membership details.
3. HOW PERSONAL INFORMATION IS COLLECTED AND HELD
The Company collects the personal information of individuals directly from those individuals when:
- the individual registers to use the program where this Policy is located or linked
- the Company is providing services to those individuals
- the individual makes an inquiry about a product or service.
The Company also collects an individual’s personal information from:
- ” Trainers, Stud Farms and other merchants
- Banking partners
- Payment processors
- its business partners whose programs the Company manages and operates
- service providers who are involved with selling and delivering products or services to an individual for or in conjunction with the Company.
Personal information received by the Company is held in paper form and / or electronically on the information technology systems of the Company and may only be accessed by its authorised employees and contractors who require access in connection with the purposes described in this Policy.
Some personal information is held in hard copy such as a registration form. This information is accessible to customer support and other required staff members, their managers and the organisations which are contracted by the Company to store and secure that information. Other hard copy personal information may be held for internal Company purposes and administration of the Company’s business.
4. IF INFORMATION OR CONSENT IS NOT PROVIDED
Without all of the required personal information being provided or consent being given, the Company will not be able to provide the product or service an individual is seeking, and may not be able to handle inquiries or claims in connection with those products or services.
Personal information will be collected, held, used and disclosed for the purposes of:
- facilitating the set up and delivery of a service
- handling inquiries or claims about a service
- security checks to verify the identity of an individual
- internal and external auditing
- administering the information technology systems used by the Company
- as required by law or a court or tribunal order
- any related, secondary or ancillary purposes.
6. DIRECT MARKETING
Personal information may be used or disclosed to inform individuals about products, services and other opportunities (direct marketing). If an individual does not want their personal information used or disclosed for direct marketing, then they may opt out or unsubscribe by selecting the option appearing on the direct marketing communication or by contacting the company at the details below.
7. DISCLOSURE OF PERSONAL INFORMATION
The Company’s technology systems and databases are operated in Australia and hosted by Microsoft in Australian data centres.
The Company may disclose personal information to its business partners and third party service providers to perform activities in connection with the purposes described in this Policy. This includes organisations such as Merchants, banking partners and payment processors.
As the company is a member of a group of companies, then each member of the group may share and access personal information in connection with the purposes described in this Policy.
Some of the organisations (including international banks, credit card schemes and technology companies) to which the Company may disclose personal information to, may be located, or have operations, outside of Australia. By accessing the website or opening a document or an email on which this Policy is located or linked, the individual is directed to read it and as a result, giving consent to the collection, handling, use and disclosure of personal information by the Company in accordance with this Policy. One of the things the individual consents to is that the Company is not required to ensure that an overseas recipient of personal information (who may have operations in multiple countries which the Company is not aware of) complies with the Australian Privacy Act 1988 (see Australian Privacy Principle 8.1 by going to: http://www.oaic.gov.au/).
As such, individual may not be informed of each occasion personal information is shared or accessed by group companies or an overseas recipient.
8. ACCURACY AND PROTECTION OF PERSONAL INFORMATION
An individual will need to ensure that the personal information which is provided is accurate, complete and up-to-date at the time it is provided and must notify the Company of any changes.
The Company will take reasonable steps to protect the personal information that it holds from misuse and loss and from unauthorised access, modification or disclosure. The Company’s information technology systems are protected by various technology solutions. However, the Company will not be liable for direct or indirect loss or damage in connection with unauthorised access, use, alteration, destruction or disclosure of personal information.
9. WEBSITE USE
The Company collects personal information when individuals use the Company’s websites. This information could include personal and payment details in relation to the usage and provision of the Company’s services.
10. ACCESS TO PERSONAL INFORMATION
An individual may see and have a copy of their personal information that the Company holds.
If an individual establishes that their personal information is not accurate, then on request the Company will take reasonable steps to correct it.
An individual who seeks to exercise their rights of access and correction must contact in writing the Company at the details below.
A charge will apply commensurate with the nature of the request.
An individual may make a complaint in writing about how their personal information has been dealt with by explaining the nature of the complaint and providing sufficient information to enable the Company to respond to the complaint.
The Company will respond in writing to a written complaint within 30 days of receipt.
If the complaint remains unresolved, then the individual has the option of notifying the Office of the Australian Information Commissioner.
12. ACKNOWLEDGEMENT AND CONSENT
Company contact details: Thoroughbred Payments, Reply Paid 177, Balmain NSW 2041.
Policy last updated: 5 March 2014