Privacy and Credit Reporting Policy
This policy outlines how Bennetts Petroleum Supplies Pty Ltd (BPS) manages the personal information and credit-related personal information we hold about our customers, potential customers, contractors and others. BPS is bound by the National Privacy Principles contained in the Privacy Act 1988 (Schedule 3) and the applicable parts of the credit reporting requirements in Part IIIA of the Privacy Act and the Credit Reporting Code of Conduct.
Under the Privacy Act, and throughout this policy, "personal information" is information or an opinion relating to an individual which can be used to identify that individual. In this policy, where we refer to "you" or "your", we are referring specifically to natural persons as opposed to other entities such as partnerships, trusts and companies.
Part I of this policy details BPS management of personal information generally.
Part II of this policy provides specific details about how BPS manages credit-related personal information.
Part III of this policy sets out how BPS protects personal information and credit-related personal information, and how you may seek access to or correction of or make a complaint about, that information.
PART I - MANAGEMENT OF PERSONAL INFORMATION
How does BPS collect personal information?
The main way in which BPS collects personal information is through hardcopy forms or through forms provided on BPS's website pages, wi-fi hotspot, or other electronic means (such as e-mail). BPS may also collect personal information through diary notes of telephone calls made to BPS (see below for more information), in face-to-face meetings and in interviews.
BPS may collect personal information from third parties, such as from referees in the case of prospective employees.
What information does BPS collect?
The personal information BPS may collect about you is dependent upon your relationship with BPS. The following are some examples of the types of personal information that BPS may collect from individuals:
(a) In the employment context:
- application forms - name, addresses, telephone numbers;
- resume details - which will usually include details such as an individual's name, address, telephone numbers, academic qualifications, employment history, and referees;
- reference checking;
- pre-employment medical (with the prospective employee's consent);
- psychological and drug testing; and
- criminal record checks.
- employment application forms;
- personal details including name and address and telephone numbers;
- bank account details (for salary/wages); and
- tax file number details (for salary and superannuation).
- Superannuation nominated fund member details
(b) Customers and Tenants
- personal details - including names, addresses, telephone numbers;
- financial details including banking details - for payments (where applicable); and record keeping with BPS customer service representatives and BPS employees, including the collection of personal information to assist with queries;
- competitions and contests - BPS may use the personal information collected from competitions and contests (for example, the contestant's name and address) to market its products to the contestants. Where BPS intends to do this, it will advise the contestant of this in the competition's terms and conditions.
- personal details - including names, addresses, telephone numbers
- owner/shareholder details
- financial details - including bank account details
- personal details for share register purposes - including names, addresses, number of shares held
- financial details - including tax file number and bank account details
- shareholder registry - BPS is required to maintain a register of shareholders under the Corporations Act 2001 (Cth)
How does BPS use and disclose personal information?
Subject to the exceptions set out in the National Privacy Principles (for example, the disclosure of personal information when allowed or required by law), BPS will only use and/or disclose your personal information for:
(a) the primary purpose for which it is collected; or
(b) a related purpose, where you would reasonably expect that it be used and/or disclosed without your further consent.
This means that generally BPS will only disclose your personal information internally and/or to a third party contracted to provide services to BPS and only if necessary for one of the purposes referred to above.
The third parties that may be used by BPS vary depending on the particular circumstances in each case, but typically fall into the following categories:
- insurance companies
- trade promotion agencies
- insurance assessors
- billing and mailing houses
- delivery contractors
- IT service providers
- superannuation funds
- share registries
Will BPS send you marketing material and what can you do to stop that?
A related purpose for which BPS collects personal information may be marketing. However, if this is not the case, BPS is entitled to send marketing material to you if you have consented to receiving this material or provided it gives you a chance to stop or opt-out of receiving this material.
If you have received marketing material from BPS and you wish to stop it, you can write to the Privacy Compliance Officer at the address set out below. BPS will not charge you or in any way disadvantage you if you choose to opt out of receiving marketing material.
When does BPS share information?
BPS generally will only disclose personal information to third parties without your consent if that disclosure is necessary for the purpose(s) for which that information was collected. Set out below are some examples of where it is necessary for BPS to disclose personal information to third parties:
(a) In the employment context:
- Superannuation plan administration arrangements - BPS provides employees' personal details (including, but not limited to, employees' names, addresses, tax file numbers, dependents, salaries) to the external administrator of the superannuation plan which is responsible for the day-to-day administration of plan business.
- Insurance arrangements - BPS advises disability and death insurers of employees' personal details (including, but not limited to, employees' names, addresses, medical reports) to enable those insurers to properly process disability and death claims.
- Recruitment systems - BPS requires prospective employees to complete documentation and submit to pre-employment checks, including completing application forms, reference checking, pre-employment medicals, psychological and drug testing and criminal record checks which involves disclosure of personal information to various third parties.
- Video monitoring - external security advisers/contractors may view security tapes that have been recorded in the workplace
- Medical - BPS may, with the employee's consent, provide the company doctor or any medical specialists retained by BPS with employees' medical records for the purposes of their employment with BPS.
- Worker's compensation - BPS may disclose employees' records (including the employees' medical records) to its insurers and their agents for the purpose of processing claims.
- IT arrangements - BPS may provide its external IT service providers with employees' personal details (limited to identifiers such as name, address, date of birth and employee identifier) to assist in ensuring the security of BPS's computer network is maintained (see also security measures BPS adopts to protect personal information).
(b) Generally and in a commercial context:
- Credit checks on new and existing individual customers - BPS may provide necessary personal information to credit reporting agencies to ascertain an individual's financial position if the person is a new or an existing customer.
- Competitions - in some cases BPS uses third parties to run its competitions. In these instances, unless otherwise disclosed to the contestant prior to, or at the time of, entering the competition (normally set out in the competition's terms and conditions), any personal information collected about a contestant will be returned to BPS.
Does BPS send your personal information overseas?
BPS may transfer information about you between countries if required for a relevant purpose described above. BPS may disclose your personal information to the following overseas recipients:
(a) other companies or individuals who assist us in providing services or who perform functions on their behalf (such as third party service providers, specialist consultants)
(b) anyone else to whom you authorise us to disclose it; and
(c) anyone else where authorised by law
PART II - MANAGEMENT OF CREDIT REPORTING INFORMATION
What credit-related personal information does BPS collect?
BPS collects credit-related personal information in connection with applications for credit, which are predominantly applications for commercial credit for business purposes. Examples of the types of credit-related personal information BPS may collect and hold include:
- identity particulars of individuals associated with the applicant for credit, including contact name, address, date of birth, phone numbers, employer and drivers licence number. This information is mainly collected about the directors, partners, trustees or principals of the business, but some personal information may also be collected about others in that business (such as the account management staff or a guarantor where deemed necessary by BPS);
- financial information relating to directors, partners, trustees or sole traders, and any person who acts, or proposes to act, as a guarantor;
- historical insolvency information of directors, partners, trustees, sole traders or managers associated with a business applying for credit;
- consumer credit information of directors, partners, trustees or sole traders, anyone acting or proposing to act as a guarantor, or any individual applying for credit. This information is obtained from credit reporting bodies where BPS believes it is necessary to assess the credit worthiness of individuals associated with the applicant for credit, including guarantors;
- a record that we have made a request with a credit reporting body for credit related information; and
- where an application for commercial credit is made by a sole trader or an application for consumer credit is made by an individual, and we have made a request with a credit reporting body in connection with such an application, the type and amount of credit that has been applied for.
What does BPS use credit-related personal information for?
Personal information provided to BPS in connection with an application for credit is principally used to assess that application and for the ongoing management of a credit account in the name of the applicant (if the application is successful), and otherwise as permitted by law. This may involve one or more of the following:
- assessing the credit worthiness of the applicant, or individuals associated with the applicant (in the case of a business applying for commercial credit) where that is deemed necessary by BPS, including obtaining both consumer and commercial credit reports from credit reporting bodies;
- disclosing personal information to credit reporting bodies before, during or after the granting of credit to the applicant, including but not limited to identity particulars (as outlined above), payment defaults of individuals and serious credit infringements (mainly in relation to guarantors);
- obtaining and verifying personal information from a motor vehicle or land title registry or from a business that provides credit worthiness information;
- providing to or exchanging personal information with any person whose name is given to BPS in connection with an application for credit;
- exchanging personal information with another credit provider who is named in an application for credit or in a credit report issued by a credit reporting body, or a credit provider who proposes to provide credit to an applicant, principally for (but not limited to) the following purposes:
- assisting an account holder from defaulting on its credit obligations;
- assessing an account holder's position if it falls into arrears; or
- notifying other credit providers of if an account holder defaults,
- disclosing personal information to BPS's collection agents in the event of a default.
BPS is required to obtain an individual's consent before being provided with consumer credit information about that individual from a credit reporting body. BPS will typically do this by having the individual read and agree to a privacy agreement in BPS's credit application form or otherwise accept the provisions of this policy.
Who is credit-related personal information disclosed to?
BPS discloses credit-related personal information to third parties in the circumstances and for the purposes described above, including to credit reporting bodies. Credit reporting bodies may include credit-related personal information in reports provided to credit providers to assist them to assess an individual's credit worthiness.
BPS shares credit-related personal information with the following credit reporting bodies:
1. Veda Advantage
PO Box 964
North Sydney NSW 2059
Phone: 1300 762 207
2. Tasmanian Collection Service
29 Argyle Street
Hobart TAS 7000
Phone: 03 6213 5555
GPO Box 276
Sydney NSW 2001
Phone: 1300 51 312
What are your rights in relation to credit reporting bodies?
(a) Opting out of direct marketing pre-screenings - a credit reporting body may use your credit-related personal information to assist a credit provider to market to you by pre-screening you for direct marketing by the credit provider. You have the right under the Privacy Act to request a credit reporting body to exclude you from such a direct marketing pre-screening by contacting that credit reporting body.
(b) If you are a victim of fraud - if you reasonably believe you have been, or are likely to be, a victim of fraud (including identity fraud), you have a right to request a credit reporting body not to use or disclose any credit-related personal information held by that body about you for a minimum of 21 days (referred to as a "ban period"). BPS reserves the right to delay or refuse any application for credit where it reasonably believes it requires credit-related personal information about an individual but is unable to obtain such information because a ban period is in effect for that individual.
PART III - PROTECTION, ACCESS, CORRECTION AND COMPLAINTS
In this Part III, the term 'personal information' includes credit-related personal information. Some sections deal specifically with the protection, access and correction of credit-related personal information.
How does BPS protect personal information?
BPS stores personal information in a range of paper-based and electronic forms:
(a) Paper Security - Where personal information is stored in physical form, BPS may use a variety of mechanisms to protect the security and integrity of such information which might include:
- locking personal information in cabinets and only giving access to those employees who have a need to use it; and
- using other access control measures such as keyed access, security alarms and surveillance cameras to deter and detect unauthorised access.
(b) Computer and Network Security - BPS adopts a number of security measures to protect information from unauthorised access to its computer systems which include:
- access control for authorised users such as user names and passwords;
- limiting access to shared network drives to authorised staff;
- virus checking; and
- specialised IT support to deal with security risks.
(c) Communications Security - Transmission of personal information may involve insecure telecommunications lines. Security of this personal information is enhanced by:
- PIN numbers and passwords required for some telephone and internet transmissions;
- identity checking before giving out any personal information; and
- encryption of data for high risk transmissions.
Personal information in BPS's possession may be retained in archival storage. Generally BPS will destroy personal information after a period of seven (7) years following its collection or an employee's separation from BPS unless it is required, or may be required, to be kept for a longer period because of the purpose(s) for which it was originally collected.
How can you access to your personal information?
If you want access to your personal information held by BPS, please put your request in writing and clearly identify the personal information you seek access to. This is important to ensure that the information can be retrieved quickly and cost effectively. All requests for access must be addressed to The Privacy Compliance Officer (see contact details below).
Depending on the circumstances, BPS reserves the right to charge you a reasonable administrative fee. For example, BPS's reasonable administrative costs might include:
- reasonable staff costs in locating and collating the information;
- reasonable reproduction or photocopying costs; and
- reasonable costs involved in having someone explain the information to you.
If a fee is charged for providing access, you will be advised of the likely cost in advance.
In some instances, BPS may not release the personal information. For example, if the information reveals a formula or the details of a commercially sensitive decision-making process, then, in these instances, BPS may decide to give you an explanation of the commercially-sensitive decision rather than direct access to the information.
What if your personal information is inaccurate?
BPS will take reasonable steps to correct personal information that is inaccurate. You should contact BPS if your personal information changes. If BPS believes it is inappropriate to delete or alter the original information, it will discuss with you alternative ways of correcting the information that satisfies the needs of both parties.
Where a request to correct personal information relates to credit-related information, BPS will notify the individual of its decision as to whether it agrees to correct that information in writing. Where BPS does not agree to amend credit-related personal information held about you, BPS will provide you with reasons for its decision and details of how you may make a complaint about BPS's decision.
How do you make a complaint?
If you wish to make a complaint to BPS about a possible breach of privacy, please provide full details of your complaint in writing and send it to the Privacy Compliance Officer (see contact details below).
Individuals inquiring about their rights and remedies for breaches of privacy can access detailed information at the Office of the Australian Information Commissioner (OAIC) www.oaic.gov.au or phone 1300 363 992
If your complaint specifically concerns credit-related personal information and you believe BPS has not complied with its obligations under the Privacy Act or the Credit Reporting Code of Conduct, BPS will acknowledge any complaint within 7 days of receiving it, and aim to investigate and resolve complaints within 30 days. If that is not possible, we will seek to agree a longer period with you. BPS will notify you of the outcome of its investigation in writing, including details of how you make a complaint if you are not satisfied with BPS's decision.
How will changes to this policy be notified?
How to contact us?
If you would like more information concerning BPS's approach to privacy or how BPS handles your personal information you can write to:
Privacy Compliance Officer
Bennetts Petroleum Supplies Pty Ltd
PO Box 436
Moonah TAS 7008
Phone: 03 6242 8200
|Download the PDF here||Updated: Friday, 30 January 2015|