In this policy we explain how and why we collect personal information about individuals, how we use it, and what controls individuals have over our use of it.
- Let Lucy is committed to complying with Commonwealth legislation (the Act and the APPs) that deals with how businesses may collect, hold and use personal information about individuals and to protecting and safeguarding the privacy of individuals when they deal with us.
Collection of information
- Some information provided to us by clients, customers and other parties might be considered private or personal. However, without such information we would not be able to carry on our business activities and provide our services. We will only collect such personal information if it is necessary for one of our functions or activities. The kinds of personal information that Let Lucy may collect and hold in respect of individuals includes but is not limited to:
- contact details and identification information;
- a unique username and password.
- In particular, personal information is collected in the following situations by Let Lucy:
- for each visitor to reach Let Lucy websites, we can collect the following non-personally identifiable information including, but not limited to, browser type, version and language, operating systems, pages viewed while browsing our sites, page access times and referring website address.
- if an individual contacts Let Lucy, we may keep a record of that communication or correspondence;
- when applying for and/or establishing and/or accessing an account with us or ordering products or services from us;
- when conducting certain types of transactions such as cheque or credit card purchases or refunds;
- when an individual submits their contact details to be included on our mailing lists;
- When an order is placed with us to purchase services we may require individuals to provide us with contact information including name, address, telephone number or email address for the purposes of processing and fulfilling such an order.
- At or before the time the personal information about an individual is collected by us, we will take reasonable steps to ensure that the individual is made aware of who we are, the fact that the individual is able to gain access to the information held about the individual, the purpose of the collection, the type(s) of organisations to which we may usually disclose the information collected about the individual, any laws requiring the collection of the information and the main consequences if all or part of the information is not collected.
- We usually collect personal information about individuals directly from the individual. However, sometimes we may need to collect personal information about individuals from third parties for the purposes described below in this policy. The circumstances in which we may need to do this include, for example, where we need information from a third party to assist us to process an application or an order (such as to verify information an individual has provided or to assess the individual’s circumstances) or to assist us to locate or communicate with the individual.
Use of information collected and disclosure of personal information to others
- We may use or disclose personal information held about an individual as permitted by law and for the business purposes for which it is collected (e.g. provision of our services, including administration of our services, notifications about changes to our services, record-keeping following termination of our services and technical maintenance) - that is, to carry on our business activities and provide services to our customers. We may also use such information about individuals for a purpose related to the primary purpose of collection and where the individual would reasonably expect that we would use the information in such a way. This information is only disclosed to persons outside our business in the circumstances set out in this policy or as otherwise notified at the time of collection of the information.
- Let Lucy’s business purposes for which personal information is collected, used and disclosed may include:
- processing an application or product order or service request (including verifying a person's identity for these purposes);
- managing our products and services or other relationships and arrangements, including processing receipts, payments and invoices;
- detecting and preventing fraud and other risks to us and our customers;
- responding to inquiries about applications, accounts or other products, services or arrangements;
- understanding our customers' needs and developing and offering products and services to meet those needs;
- researching and developing our products and services and maintaining and developing our systems and infrastructure (including undertaking testing);
- dealing with complaints;
- meeting legal and regulatory requirements. Various Australian laws may expressly require us to collect/and or disclose personal information about individuals, or we may need to do so in order to be able to comply with other obligations under those laws;
- enforcing our rights, including undertaking debt collection activities and legal proceedings.
- In addition we are permitted to use or disclose personal information held about individuals:
- where the individual has consented to the use or disclosure;
- where we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious, immediate threat to someone's health or safety or the public's health or safety;
- where we reasonably suspect that unlawful activity has been, is being or may be engaged in and the use or disclosure is a necessary part of our investigation or in reporting the matter to the relevant authorities;
- where such use or disclosure is required under or authorised by law (for example, to comply with a subpoena, a warrant or other order of a court or legal process);
- where we reasonably believe that the use or disclosure is necessary for prevention, investigation, prosecution and punishment of crimes or wrongdoings or the preparation for and conduct of proceedings before any court or tribunal or the implementation of the orders of a court or tribunal by or on behalf of an enforcement body.
- where a customer (being the individual or related to the individual) has requested a service to be provided by us and we are required to disclose the information to a third party in order to facilitate the provision of the service. In most, if not all cases, any such disclosure will be with the consent of the individual.
- Third parties to whom we may disclose personal information about individuals in accordance with Let Lucy’s business purposes set out above may include:
- Let Lucy’s legal advisors;
- Let Lucy’s IT service providers;
- regulatory bodies in Australia;
- Let Lucy’s financial advisors;
- participants in financial and payment systems, such as other banks, credit providers, and credit card associations;
- guarantors and security providers associated with individuals;
- debt collectors;
- other credit providers and trade suppliers.
Anonymity and Pseudonymity
- Individuals have the option of dealing with Let Lucy anonymously. However, this only applies where is not impracticable for Let Lucy to deal with individuals acting anonymously or under a pseudonym. For example, individuals making general enquiries of Let Lucy may do so anonymously or under a pseudonym. However, if the dealing with Let Lucy is for Let Lucy to supply goods and services and/or to enter into contractual relations then it is impractical for individuals to deal with Let Lucy on an anonymous basis or under a pseudonym.
- As part of Let Lucy’s functions and business activities and to promote the services we can provide to our customers, Let Lucy may use personal information that individuals have provided to Let Lucy for the purposes of direct marketing. Direct marketing includes, but is not limited to, sending to our customers and other parties (including individuals) and/or contacting our customers (including individuals) in relation to promotions and information about Let Lucy. Recipients of direct marketing are always able to opt out of receiving direct marketing communications by sending an email to Let Lucy’s Privacy Officer at email@example.com. In any direct marketing communication we remind recipients of their right to opt out of receiving direct marketing communications.
- Our web site may contain links to other web sites and those third party web sites may collect personal information about individuals. We are not responsible for the privacy practices of other businesses or the content of web sites that are linked to our web site. Let Lucy encourages users to be aware when they leave the site and to read the privacy statements of each and every web site that collects personally identifiable information.
Security and storage
- Let Lucy places a great importance on the security of all information associated with our customers and clients and others who deal with us. We have security measures in place to protect against the loss, misuse and alteration of personal information under our control. Let Lucy takes all reasonable steps to protect personal information that is under Let Lucy’s control from misuse, interference, loss and/or unauthorised access, modification or disclosure. All personal information held is kept securely and that which is held electronically is held on secure servers in controlled facilities.
- Personal information is de-identified or destroyed securely when no longer required by us.
- Let Lucy retains information provided to us including individuals’ contact and financial and transactional information to enable us to verify transactions and customer details and to retain adequate records for legal and accounting purposes. Such information is held securely, including on secure servers in controlled facilities.
- Information stored within our computer systems or by our agents who provide electronic storage facilities can only be accessed by those entrusted with authority and computer network password sanctions.
- No data transmission over the Internet can be guaranteed to be absolutely secure. As a result, while we strive to protect users' personal information, Let Lucy cannot ensure or warrant the security of any information transmitted to it or from its online products or services, and users do so at their own risk. Once Let Lucy receives a transmission, we make every effort to ensure the security of such transmission on our systems.
Access to and correction of personal information
- Let Lucy is committed to and takes all reasonable steps in respect of maintaining accurate, timely, relevant, complete and appropriate information about our customers, clients and web-site users.
- Any individual may request access to personal information about them held by Let Lucy. Such a request for access to personal information is to be made to Let Lucy’s Privacy Officer by:
- Please note Let Lucy does require that, as part of any request by an individual for access to personal information, the individual verifies their identity so that Let Lucy may be satisfied that the request for access is being made by the individual concerned.
- Please note that Let Lucy is not required to give an individual access to personal information in circumstances where:
- Let Lucy reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
- giving access would have an unreasonable impact on the privacy of other individuals; or
- the request for access is frivolous or vexatious; or
- the information relates to existing or anticipated legal proceedings between Let Lucy and the individual, and would not be accessible by the process of discovery in those proceedings; or
- giving access would reveal the intentions of Let Lucy in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
- giving access would be unlawful; or
- denying access is required or authorised by or under an Australian law or a court/ tribunal order; or
- both of the following apply:
(i) Let Lucy has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to Let Lucy’s functions or activities has been, is being or may be engaged in;
(ii) giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated within Let Lucy in connection with a commercially sensitive decision-making process.
- Inaccurate information will be corrected upon receiving advice to this effect. To ensure confidentiality, details of an individual’s personal information will only be passed on to the individual if we are satisfied that the information relates to the individual. From time to time, and having regard to the purpose of the collection and use of personal information about individuals, we may contact individuals to seek confirmation that the personal information provided to us by the individual is accurate, up-to-date and complete.
- If we refuse to provide an individual with access to or correct the personal information held by us about the individual, then we will provide reasons for such refusal. Such reasons will set out the grounds for refusal, the mechanisms available to complain about the refusal and any other matters that are required by the Act.
- Let Lucy will respond to any requests for access or correction within a reasonable time of receipt of the request, but by no later than 30 days of the request being received.
- We will investigate any complaint within 30 calendar days and attempt to resolve any breach that might have occurred in relation to the collection, use or destruction of personal information held by us about the complainant in accordance with the Commonwealth Privacy legislation and the APPs. If a complainant is not satisfied with the outcome of this procedure then the complainant may contact the Office of the Australian Information Commissioner (“OAIC”) at www.oaic.gov.au.
Transfer of information overseas
- Let Lucy is unlikely to disclose personal information to overseas recipients. Personal information will only be disclosed by Let Lucy to overseas recipients in accordance with Australian Privacy Principle 8, such as if the disclosure is required by Australian law.
- For more information on privacy legislation or the APPs please visit the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.