Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit card information.
We may collect the following types of personal information:
We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you:
We may collect, hold, use and disclose your personal information for the following purposes:
We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.
We and/or our carefully selected business partners may send you direct marketing communications and information about our service and products. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided firstname.lastname@example.org.
We may disclose personal information outside of Australia to including relevant government agencies, banks, telecommunications companies, bill payment gateways and loading and withdrawal partners located in countries and member states of the European Union, United Kingdom, Singapore, Malaysia, New Zealand, Thailand, Russia / CIS Countries, India, Bangladesh, Burkina Faso, Canada, Chad, China, Democratic Republic of the Congo, Egypt, Gabon, Ghana, Indonesia, Ireland, Kenya, Madagascar, Malawi, Nepal, Niger, Nigeria, Philippines, Republic of the Congo, Rwanda, Singapore, Seychelles, Sierra Leone, South Africa, Tanzania and Uganda.
When you provide your personal information to us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with Australian Privacy Law. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles.
We may collect personal information about you when you use and access our website.
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. For example, the platform uses AES 256 bits encryption. This is symmetric encryption that uses a unique key to encrypt and decrypt data. AES 256 encrypts user sensitive information like bux account number, pin, expiration, and passwords. Other sensitive information like card account details and information are not stored in the bux system but to our PCI complaint partner/provider. The platform also has separate access to the file system and database server to prevent any kind cross read/write access to sensitive information and implements NIDS or network intrusion detection which is managed by Rackspace. Aside from having our internal firewall, all of our front-facing website also has a web application firewall (WAF) that prevents all web related attacks or malicious attempts to our website and web services. However, we cannot guarantee the security of your personal information.
You can access the personal information we hold about you by contacting us using the contact us function. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the contact us function. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
Effective: April 2017