1. Background

In this privacy policy, “we”, “our” and “us” are references to THINKEX HOLDINGS PTY LTD ABN 28 625 658 568 and its related entities.

For the purposes of this policy, “personal information” means personal information as defined in the Privacy Act 1988 (the Act). Essentially, this is any information that can reasonably be used to identify you as a natural person including but not limited to your name, email, contact details and financial information such as credit card details.

This privacy policy applies to you only to the extent that the collection and handling of your personal information by us is subject to the Act.

This privacy policy explains how we will treat your personal information that you provide to us. We review our privacy policy regularly to ensure it is up-to-date so we encourage you to review it from time to time on our website.

Alternatively, if you would like a copy sent to you then please request it by contacting our Privacy Officer (details below) and we will provide you a copy free of charge.

2. Open and transparent management

We take our obligations under the Act and the Australian Privacy Principles very seriously and have implemented practices, procedures and systems to ensure we comply with those laws.

We respect your right to privacy and recognise that maintaining confidentiality is an integral part of providing our services. We are committed to maintaining the confidentiality and security of your personal information and managing it in an open and transparent way.

3. Collection of personal information

3.1 Getting to know our customers and types of information collected

EFEX is in the business of supplying goods and services to our customers. That requires more than simply offering innovative technical services. It also requires that we understand you, our customer, and your needs.

We get to know you primarily through the information you provide to us when you contact us to use one or more of our services. The information you provide ranges from basic contact information to payment information. All of the information we request from you when purchasing our goods and/or services is obligatory. When you purchase our goods and/or services, you agree to provide us with complete and current information.

After you have purchased any of our goods and/or services, we may communicate with you about your account, answer questions you may have about what we provided you, or any other relevant matter. Those communications are essential to our relationship with you and to our ability to provide you with quality service that is responsive to your needs. At the same time, those communications give us helpful insights about you, your preferences and the ways in which we might improve our services. We therefore may maintain this information for future use by EFEX.

This information can also include such things as your name, contact details (such as your phone number and email), financial information (including banking and credit card details), supporting documentation (including credit history details), device content, identification and transaction history information, and personal references.

3.2 How we collect personal information

Our preference is to collect personal information from you directly and we will endeavour to do this unless it is unreasonable or impractical to do so. We collect personal information in a variety of ways including via online enquiries you submit on our website, applications installed by you, over the
telephone, through correspondence (whether by letter, sms or email), and on our forms when you enter into agreements and contracts with us.

We may also collect personal information from third parties including from credit reporting bodies, contractors, business partners and other entities.

3.3 Cookies and third party advertising

We use cookies to make it easier for users to access our site or services. A cookie is a small data file that certain websites write to your hard drive when you visit them. A cookie file can contain information such as a user ID that the site uses to track the pages you have visited. However, the only personal information a cookie can contain is information you supply yourself. A cookie cannot read data off your hard disk or read cookie files created by other sites.

We use cookies to track user traffic patterns (as described above) when you register for EFEX services. When you register, we may use a cookie to store a unique, random user ID. We use this ID to identify you anonymously in our database and to track the pages you visit on our site. If you have set your browser to warn you before accepting cookies, you will receive the warning message with each cookie. You may refuse cookies by turning them off in your browser.

We also use links to some of our suppliers on our website. In the course of providing these links, some of these companies may place or recognise a unique ‘cookie’ on your browser, and may use information (not including your name, address, e-mail address, or telephone number) about your visits to their and other web sites in order to measure advertising effectiveness and to provide advertisements about goods and services of interest to you. Please also examine the privacy policies of these companies.

3.4 Storage

The information we receive from or about you is stored on systems designed to prevent the loss, misuse, unauthorised access, disclosure, alteration or destruction of that information. We also encrypt your transmission of sensitive information to us (e.g., credit card numbers, account passwords) in the interest of heightened privacy protection and information integrity.

4. Use or disclosure of personal information

4.1 Why do we collect, hold, use or disclose personal information?

We collect, hold, use and disclose your information for the primary purpose of enabling us to carry out our business functions and activities which includes but is not limited to:

  1. the provision of products or services to you (including the improvement of those products or services);
  2. verifying your identity;
  3. conducting checks and searches of your credit information to assess your credit rating from time to time;
  4. communicating with you including via sms, email, mail or telephone;
  5. personalising and customising your experience;
  6. managing and enhancing our products and services;
  7. promoting and marketing our products and services including updating you with news and information about our existing and new products and services;
  8. providing you with information about events, products or services that may interest you;
  9. managing our relationship with you;
  10. facilitating our internal business operations;
  11. investigating any complaints made by you; or
  12. as required or permitted by law.

4.2 Disclosure to third parties

From time to time we may disclose your personal information, including your credit information to third party entities, which may include credit reporting bodies or collection agencies for credit management purposes or other purposes as required by law.

When you supply us with a credit card number that is used to make a payment to us we securely transmit this to our bank where the credit card transaction is either accepted or declined by the bank. We do not store your credit card details on any of our sites or systems. The bank stores any necessary details about our transaction/s with you, we do store a payment authorisation reference number associated with your transaction/s. It is not possible for this reference number to be used for any other purpose other than recording the fact that we conducted a credit card transaction with you.

5. Direct marketing

5.1 What is direct marketing?

For the purposes of this policy, “direct marketing” is the promotion and sale of goods and services directly to you including through emails, SMS, MMS, phone calls and the post.

You consent to us using your personal information to send you – either directly or via one of our service providers – information, including promotional material about us and business partners from time to time in relation to any product or service they offer and you consent to being contacted by means of direct mail, email, SMS and MMS messaging and via telephone.

5.2 No direct marketing

We will not use or disclose your personal information for the purposes of direct marketing material if you have previously told us not to.

If at any time you do not want us (or one of our service providers) to send you direct marketing material or you wish to cancel a previous consent, then you can simply inform our Privacy Officer by contacting them (details below). We will make the change in a reasonable time and without charge.

6. Cross-border disclosure of personal information

We may disclose your personal information to an overseas entity in circumstances where we:

  1. have taken reasonable steps to ensure that they also treat it in accordance with the Act; or
  2. reasonably believe that the overseas entity is subject to the same or similar laws to that found in the Act and there are ways that you can take action to enforce those overseas laws; or
  3. expressly inform you of your option to consent to that disclosure and you then provide us with informed consent to do so; or
  4. are required or authorised by law.

7. Security of personal information

We will take such steps as are reasonable in the circumstances to protect your personal information that we hold from:

  1. misuse, interference and loss; and
  2. unauthorised access, modification or disclosure.

When you submit personal information via the website, your information is protected both online and off-line. When our registration/order form asks you to enter sensitive information (such as credit card number), it is encrypted and protected with SSL encryption. While on a secure page, such as our order form, the lock icon on the bottom of Web browsers such as Google Chrome and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when you are just ‘surfing’.

While we use SSL encryption to protect sensitive information online, your information is restricted in our offices and is only accessible by certain authorised staff. Furthermore, ALL employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers’ information is protected.

Only those EFEX employees that have a legitimate business purpose for accessing and handling information obtained by us are given authorization to do so. The unauthorised access or use of such information by a EFEX employee is prohibited and constitutes grounds for disciplinary action. Additionally, our information management systems are configured in such a way as to block or inhibit employees from accessing information that they have no authority to access.

When we no longer need your personal information for a permitted purpose and we are not required to keep it to comply with any laws, we will take such steps as are reasonable in the circumstances to destroy your personal information or to ensure that the information is de-identified.

8. Complaints

If you have a query or concern in relation to this privacy policy or wish to make a complaint regarding a breach of privacy you may do so by contacting our Privacy Officer (details below). All complaints will be investigated and dealt with promptly and confidentially.

9. Access to personal information

If you wish to access your personal information that we hold, you may submit a written request to our Privacy Officer (details below). You will be required to provide adequate proof of identity before information will be disclosed to you. We may refuse a request in situations permitted by law.

We aim to provide you access to such information within 30 days of receipt of a valid request.

10. Correction of personal information

10.1 Correction of personal information

We will take reasonable steps to correct your personal information (at no charge) if we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading. This extends to third parties that we have provided your personal information to unless it is impracticable or unlawful to do so.

10.2 Circumstances when we decline to make corrections

In certain circumstances we may decline to correct your personal information. When this occurs we will provide you with a written notice that sets out:

  1. the reasons for the refusal; and
  2. the mechanisms available to complain about the refusal.

11. Privacy Officer Contact

Privacy Officer
28a Montague St. Balmain, NSW, 2041
privacy@efex.com.au
Updated: October 2019