Effective date: 10 May 2017
1.2 OFX has implemented practices, procedures and systems to ensure compliance with the Act and the Australian Privacy Principles and to deal with complaints and enquiries concerning your Personal Information.
1.3 OFX’s Privacy Officer (contact details in section 8 below) has overall responsibility for ensuring that OFX and its employees, agents and subsidiaries comply with this Policy.
1.4 OFX collects information only by lawful and fair means.
1.5 If you are a client of OFX, this Policy should be read in conjunction with OFX's Client Agreement.
2 Collection of Personal Information
2.1 OFX collects the following kinds of Personal Information:
- i. your identity particulars, including your name, sex, address (and previous two addresses), date of birth, phone number, mobile number, bank account information, name of employer and drivers licence number. If you choose to add a Recipient on our website, OFX will ask you for your Recipient’s Personal Information including the Recipient’s name, email address, financial information (bank information) and physical address;
- ii. details of services or products you acquire from OFX or which you enquire about, together with any additional information necessary to deliver those services or products and respond to your enquiries;
- iii. information regarding transactions you conduct utilising OFX’s services;
- iv. any credit information that may be obtained in the course of obtaining the identity particulars described above;
- v. Personal Information you provide to OFX through OFX’s service centre or in response to customer surveys;
- vi. any additional Personal Information you provide to OFX online, by telephone, by email or otherwise to OFX representatives, or via your agents; and
- vii. where you are a client of OFX, the contents of telephone conversations between you and OFX representatives.
2.2 OFX is required to collect certain Personal Information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), rules and other subordinate instruments (AML/CTF Laws). For all corporate clients (including without limitation, registered domestic and foreign companies, registered associations, registered co-operatives, trusts, partnerships, government bodies or other statutory bodies (Corporate Clients), OFX is required under the AML/CTF Laws to collect Personal Information of individuals (being a natural person or persons) who ultimately own or control (whether directly or indirectly) the Corporate Client (Beneficial Owners). OFX is required to collect Personal Information of Beneficial Owners to assist OFX to verify information about the beneficial ownership and control of OFX’s Corporate Clients.
2.3 If OFX does not collect required Personal Information, then OFX may not be able to provide you with its services or products, or enter into contracts or undertake transactions with you.
2.5 OFX collects your Personal Information from you, or via your agents, in ways including the following:
- i. through your access and use of the OFX website;
- ii. during conversations between you and OFX representatives;
- iii. when you complete an application, order form or a contract;
- iv. when you conduct transactions using OFX’s services; and
- v. when you send information in emails or correspondence to OFX;
2.6 Where you are a client of OFX, OFX may be subject to compliance with its obligations under the Act and may access third party electronic databases necessary to assist it to identify you and such databases could contain credit information. OFX may therefore collect information about you that it has obtained from businesses that provide information about the credit worthiness of individuals, including consumer credit reports from a credit reporting body.
2.7 OFX will take reasonable steps to inform you if it collects Personal Information about you from someone else.
3 Purposes of collection, holding, use and disclosure of Personal Information
3.1 OFX collects, holds, uses and discloses your Personal Information (including credit information) for the following purposes:
- a. to provide its services and products to you and undertake associated business processes and functions;
- b. for administration, planning and account management;
- c. where you are a client of OFX, to identify you;
- d. to monitor, develop and improve the quality of its services;
- e. if you are registered with OFX, to send you information that is relevant to the provision of its services;
- f. to answer or process your enquiries or complaints, and provide information or advice;
- g. to send direct marketing to you in relation to the products, services and benefits OFX provides to keep you informed of new developments OFX believes may be of interest to you. Direct marketing may be sent to you in a variety of ways including, via email, via SMS, via social media or online. You may opt-out of receiving direct marketing at any time through the unsubscribe function that will be made available to you with each direct marketing communication that OFX sends. Alternatively, you may opt-out of receiving direct marketing by logging into your OFX account online or by emailing us at firstname.lastname@example.org or calling us on +612 8667 8090.
- h. to comply with any law, rule or regulation (for example, in Australia the AML/CTF Laws) or binding determination, or to cooperate with any governmental authority; and
- i. any other purpose disclosed to you at the time OFX collects your Personal Information.
3.2 If OFX sends you information that is relevant to the provision of OFX’s services, and at any time you do not wish to receive that information, you may send OFX an email opt-out and request that you not be included in any future mail-outs at: email@example.com.
4 Disclosure of Personal Information
4.1 OFX will share your Personal Information with third parties only in the ways that are described below:
a. to OFX’s contractors or service providers for the purposes of conducting its business and providing its services or products to you, including web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;
b. to OFX’s intermediary banks in order to process certain transactions on your behalf, for example, by disclosing your name and address;
c. to any partners, agents or intermediaries who are a necessary part of the provision of OFX’s products and services;
d. to international intermediaries to complete your transactions;
e. to credit reporting bodies if you are a client of OFX for the purpose of identifying you, in which case the information will be limited to your identity particulars, including your name, sex, address (and the previous two addresses), date of birth, name of employer, and drivers licence number;
f. to any government regulatory bodies that normally require it or may request it;
vii. in order for OFX to satisfy its regulatory obligations under relevant AML/CFT Laws, for example in order to satisfy the obligation that OFX take reasonable steps to verify the identity of its clients, OFX may disclose your Personal Information to its external credit providers; and
g. as may be required under any other law;
h. in the event that we sell or buy any business or assets, in which case we may disclose your Personal Information to the prospective seller or buyer of such business assets; and
i. to our related bodies corporate.
4.2 Any of the recipients referred to in paragraph 4.1 may be located overseas. The location of any such overseas recipient will depend on the country to which your transaction relates. Where your
Personal Information is sent overseas, it is likely to be one of the following:
- United States
- United Kingdom
- Hong Kong
- New Zealand
- Countries in the European Union.
5 Information retention, quality and security
OFX may hold Personal Information (including credit information and credit eligibility information) in electronic and/or hard copy format.
5.1 Personal Information shall be retained only for as long as may be needed for the fulfilment of the purpose(s) for which the information is collected, used or disclosed, or as required by the Act, any other law or a court/tribunal order. You should be aware that OFX is obliged under relevant AML/CFT Laws to retain information relating to personal identity for 7 years.
5.2 Subject to any legislative requirements, OFX will destroy, erase, or make anonymous your Personal Information when it is no longer needed as referred to in paragraph 5.1.
5.3 OFX will take reasonable steps in the circumstances to ensure that your Personal Information is accurate, complete, and up-to-date, to minimise the possibility that inappropriate information may be used to make a decision about you.
5.4 OFX will not routinely update your Personal Information, unless such a process is necessary to fulfil the purposes for which the information is collected, used or disclosed. If you are a client of OFX, in accordance with your Client Agreement, you must notify OFX as soon as possible if any of the information you have provided to OFX has changed.
5.5 OFX will take reasonable steps to maintain the security of your personal information. OFX has in place a range of security safeguards to protect your Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification, regardless of the format in which it is held.
5.6 The methods of protection may depend on the sensitivity of the information and the format in which it is contained. Security measures employed by OFX include:
- technological measures including SSL 128 bit encryption for all data transfers over the Internet;
- physical measures such as locked filing cabinets and restricted access to offices;
- strategic measures such as security clearances and limiting access to a "need-to-know" basis; and
- OFX ensures that its staff are aware of the importance of maintaining the confidentiality of personal information.
6 Access and correction
6.1 You may request access to any Personal Information (including credit information) that OFX holds about you at any time by contacting OFX at: firstname.lastname@example.org. Where OFX holds Personal Information that you are entitled to access, OFX will within a reasonable period of your request (and always within 30 days of any such request) allow you access to that information. The requested information shall be provided or made available in the manner requested by you, if it is reasonable and practicable to do so, or otherwise in a suitable form such as by mailing or emailing it to you.
6.2 Where you request access to credit information, in order to ensure that you have access to the most up to date information, you should additionally request from the credit reporting bodies identified in paragraph 4.1(v) above access to the credit reporting information held by them.
6.3 You may point out to OFX that any personal information (including credit information) held by OFX is inaccurate, out of date, incomplete, irrelevant or misleading, and request correction/deletion or information or ask to have it removed from a testimonial on our site or deactivate it by making the change on your Edit Profile page or by emailing us at: email@example.com. OFX will take appropriate action to amend the information as required, give you notice of any correction and, if requested take reasonable steps to, or if required by the Act, notify any third party to whom the information has been disclosed of the correction. If OFX does not agree that there are grounds for amendment of your information then it will set out the reasons for its decision in writing and the mechanisms available to complain about the refusal, and upon request by you it will add a note to the personal information stating that you disagree with it.
6.4 There may be circumstances which preclude OFX from providing access to some or all of your Personal Information. For example, those circumstances could include:
- the information may impact on the privacy of other individuals;
- the information is commercially sensitive evaluative information;
- the information is subject to solicitor-client or litigation privilege;
- OFX is prohibited by law from providing you with access; or
- the disclosure could reasonably be expected to threaten the safety, physical or mental health or life of an individual.
6.5 If OFX decides that it cannot grant you access to your Personal Information, or grant access in the manner requested by you, it will set out the reasons for its decision in writing and the mechanisms available to complain about the refusal.
Making a Complaint
7.1 OFX takes all complaints seriously, and will investigate all complaints. For details of how OFX deals with complaints generally, please refer to OFX’s Complaints Policy.
7.2 If you believe there has been a breach of the Australian Privacy Principles, or if you have any other concerns about OFX’s handling of your Personal Information, please speak to your usual contact at OFX in the first instance. OFX staff will be pleased to help and complaints can often be resolved at this early stage. If your concerns cannot be resolved at the first point of contact, the matter should be referred to OFX’s Compliance Officer (contact details below). At this stage, OFX will ask you to set out your complaint in writing providing as much detail as you can so that OFX’s Compliance Officer can fully investigate your complaint. OFX will then contact you with the results of its findings. You should allow up to thirty days from the time of your initial complaint, or such longer period as may be agreed to by you, to receive a response.
7.3 Please contact the Client Support Services Department on +1300 300 424 or +61 2 8667 8090 for further information as to how complaints are handled by OFX internally.
8 Contacting OFX
If you have any questions or concerns about this Policy or the collection, use or handling of your personal information, you may contact the OFX Compliance Officer on +612 8667 8090 or at firstname.lastname@example.org. OFX Level 19, 60 Margaret Street, Sydney NSW 2000 Australia.
9 Office of the Australian Information Commissioner (OAIC)
OAIC is a government agency which oversees the Act and related legislation, and investigates complaints about handling of personal information under the Act. OAIC will in many cases only investigate cases once OFX has been given the opportunity to resolve your complaint internally. You may lodge your complaint with OAIC by sending the necessary documents and information to:
- Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
Telephone: 1300 363 992
Facsimile: (02) 9284 9666
10 Credit reporting notifiable matters
10.1 The credit reporting bodies referred to in paragraph 4.1(v) above may include your Personal Information referred to in that paragraph in reports provided to other credit providers to assist them to assess your credit worthiness.
10.2 If you fail to meet your payment obligations in relation to the services OFX provides to you, if you commit fraud or try to do so, or if you otherwise commit a serious credit infringement, OFX may disclose this information to those credit reporting bodies.
10.3 OFX’s credit reporting policy is incorporated in this general Policy. You may obtain a copy of the credit reporting bodies’ credit reporting policies by contacting them using the contact details set out in paragraph 4.1(v) above.
10.4 You have a right to access the credit related information that OFX holds about you, to correct that credit related information and to make a complaint about OFX’s handling of your credit related information, as set out in clauses 6 and 7 of this Policy.
10.5 You also have a right to request that credit reporting bodies do not use credit related information held by them for the purposes of pre-screening of any direct marketing by credit providers. If you would like to make such a request, please contact the credit reporting bodies using the contact details set out in paragraph 4.1(v) above.
10.6 If you believe that you have been a victim of fraud, you have a right to contact the credit reporting bodies and ask them not to use or disclose your credit related information. If you would like to make such a request, please contact the credit reporting bodies using the contact details set out in paragraph 4.1(v) above.
11 Tracking Technologies
11.1 OFX and its marketing partners, affiliates, or analytics or service providers, use technologies such as cookies, beacons, tags, and scripts, to analyse trends, administer the website, tracking users’ movements around the website, and to gather demographic information about our user base as a whole. OFX may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.
11.2 OFX uses Internet technologies like cookies and web beacons to facilitate the services we provide on our websites and your use of our websites, including for the following reasons.
i. To assist OFX in providing services to you.
ii. To allow you to change web pages during your visit without having to re-enter your password.
iii. To store your preferences and other information and to track activity on the OFX website.
iv. To better understand the effectiveness of OFX’s promotional campaigns.
v. To determine whether you came to the OFX site from a banner ad or an affiliate website.
vi. To deliver Information specific to your interests on additional web sites.
vii. To determine whether you've acted on OFX’s promotional messages.
NOTE: A "cookie" is a text file placed on your computer's hard drive by a web server, which allows for personalisation of certain aspects of your visit to that website. "Web beacons" are transparent electronic images placed in the web code that collect non-personal data while visiting a website. Cookies and web beacons can usually be disabled by changing your browser preferences. Your browser usually has documentation on how to disable cookies and web beacons. Note that disabling cookies may limit the performance of OFX's websites. If cookies are disabled, certain features of OFX’s websites may not function properly, and you may not be able to register or use your online account.
11.3 OFX partners with a third party to either display advertising on the OFX website or to manage OFX’s advertising on other sites. OFX’s third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here. Please note this does not opt you out of being served ads. You will continue to receive generic ads.
11.4 OFX gathers certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. OFX does not link this automatically collected data to other information it collects about you.
11.5 OFX uses Local Shared Objects, such as Flash cookies, and Local Storage, such as HTML5, to store content information and preferences. Third parties with whom OFX partners to provide certain features on the OFX website or to display advertising based upon your web browsing activity also use Flash cookies or HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5. To manage Flash cookies, please visit: Macromedia Flash.
12 Other Information
12.1 The OFX website includes Social Media Features, such as the Facebook Like button, and Widgets, such as the Share This button or interactive mini-programs that run on our website. These Features may collect your Internet protocol address, which page you are visiting on the OFX website, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our website. Your interactions with these Features are governed by the privacy statement of the company providing it.
12.2 The OFX website may be linked to or from third party websites. These links are provided as a convenience only. OFX is not responsible for the content or privacy principles of websites that are linked to or from the OFX website. You are advised to review the privacy policies of any third party websites you visit.
13 Availability and changes to this Policy
13.1 This Policy is available on the OFX website. OFX may change this Policy from time to time. Any updated versions of this Policy will be posted on the website. If OFX makes any material changes OFX will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. OFX encourages you to periodically review this page for the latest information on OFX’s privacy practices.
13.2 You may request OFX to provide a copy of the information in this Policy in an alternative form, such as in hard copy.