Winyama Privacy Policy
Privacy Policy
At Winyama your privacy is important to us. We are committed to ensuring the confidentiality and security of your personal information. This Privacy Policy outlines how we collect, use, disclose and protect your personal information, as required by the Privacy Act 1988 (Privacy Act). It also outlines how you can access and change your information, ask a question, or make a complaint.
In this Privacy Policy, unless the context requires otherwise, a reference to ‘we’, ‘us’ or ‘our’ is a reference to the applicable entity or trading brand you are dealing with from the above list. This Privacy Policy does not apply to our handling of personal information relating to employees or job applicants. Please contact us if you would like further details in relation to how we handle information of that nature.
1 Personal Information Policy
1.1 What is personal information?
Personal information is information or an opinion that identifies you as an individual or from which your identity can be reasonably identified (regardless of whether the information or opinion is true or not or recorded in a material form or not). The types of information that constitutes personal information, and that we may collect, include your name, email, address, and other contact information.
1.2 What is the purpose for collecting personal information?
We only collect personal information that is reasonably necessary for our business functions and activities. This may include using your personal information to process services or any requests you may have, notify you of important changes to our services, comply with record keeping requirements, advise you of products and services that may interest you (unless you have declined to receive such communications in accordance with section 4 below) or to verify your identity. Various laws may require or authorise us to collect your personal information.
We may also keep records of communications containing personal information (including recordings of telephone calls and emails) for the purpose of staff training. If we do not collect your personal information, we may not be able to provide you with our products or services.
1.3 How do we collect personal information?
We can only collect personal information about you by a lawful and fair means. We may collect information from you directly, such as when you complete a form including an online form, a contract or make an inquiry. We may also collect your personal information indirectly from third parties such as our related companies, introducers, or service providers.
If we receive personal information about you from someone else without having asked for it (whether from within the Group or from a third party), we will only continue to hold it if it is personal information that we could have collected from you ourselves, in accordance with this Privacy Policy. We will determine whether we could have collected the information ourselves, or if it is necessary for our business functions and activities, within a reasonable period after we have received it. If it is personal information which is not reasonably necessary for our business functions and activities, or that we would not have obtained ourselves in accordance with this Privacy Policy, we will destroy or de-identify it as soon as it is practicable for us to do so.
1.4 How do we collect information on our websites?
If you are using one of our websites, you will browse anonymously, except as set out below. For all visitors browsing our website, we use cookies to collect information. A ‘cookie’ is a small text file placed on your computer by our web page server, which can later be retrieved by our web page server. Most browsers accept cookies by default; however, you can choose if and how a cookie will be accepted by configuring your preferences and options in your internet browser. Most browsers do allow a ‘private’ mode where cookies are always deleted after a visit. Please read your browser’s help section for more information about how to set the ‘private’ mode or how to delete cookies. You can still visit our site even though your browser is in ‘private’ mode, however the user experience might not be optimal, and some functionality might not work.
Cookies may be used to collect information such as the server your computer is logged on to, your browser type (for example, Internet Explorer, Chrome or Firefox), the time of visit, pages visited and your IP address. An IP address is a number that is assigned to your computer automatically and required for using the Internet and we may need to collect it for your interaction with various parts of our websites. We may also derive the general geographic area associated with an IP address. The information that we collect in this way is not capable of personally identifying you and is therefore not personal information. If you have provided us with personal information by completing an application form online, we retain the information contained in that application and we may use cookies to collect information about how you browse our websites, which can also identify you. If you would prefer not to be identified in this way, you can delete the cookies and reconfigure the cookie preferences on your internet browser.
We and third-party vendors, such as Google, use first party cookies and third-party cookies together to report how our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to website digital services. We use Google Analytics Advertising features (Demographics and Interests Reports and Remarking with Analytics). Web users who do not want their data collected with Google Analytics can install the Google Analytics opt-out browser add-on. This add-on instructs the Google Analytics JavaScript running on websites to prohibit sending information to Google Analytics.
For marketing purposes our websites may use UTM tags. UTM tags or UTM codes are a way to analyse website traffic or marketing campaigns from other platforms or AdWords campaigns and how you interact with our websites. To do this a ‘tag’ is added to the end of a URL which provides data to Google Analytics.
1.5 Using and disclosing personal information
We only hold, use and disclose personal information about you for the purposes outlined in section 1.2, or for related purposes which might be reasonably expected, unless we otherwise obtain your consent.
By agreeing to this Privacy Policy, I confirm that I am authorised to provide the personal details presented and I consent to my information being checked with the document issuer or official record holder for the purpose of confirming my identity. We may also hold, use and disclose your personal information in connection with suspected fraud, misconduct and unlawful activity, and as part of acquisitions or potential acquisitions of or by our business.
If we are holding your personal information in connection with suspected fraud, misconduct or unlawful activity, we are not required to give you access to that personal information if we reasonably believe that such access would prejudice the taking of appropriate action in those circumstances. On some occasions, we may be obliged to disclose your personal information by law, e.g. court order or statutory notices pursuant to any legislation, and to government authorities.
1.6 Business without identifying you
In most circumstances it will be necessary for us to identify you to successfully do business with you. However, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with your personal information, for example, if you make general inquiries about interest rates or current promotional offers.
2 Direct marketing
From time to time, we may use the personal information collected from you for direct marketing purposes, such as targeted advertising on new services and other information which we think you may find interesting. If we do contact you in this way, it will only be in relation to matters that customer would reasonably expect us to contact them directly about. We will ensure that our marketing activities comply with applicable laws. We may contact you by telephone, email or SMS for these purposes. You acknowledge that your personal information will be disclosed to other Entities within the Group, who may tailor marketing to you by combining personal information about you, which is held by those Entities with personal information we have disclosed. If you do not wish to receive any direct marketing communications from us, you may at any time decline to receive such information by contacting us as set out in Part 8 below. You can also follow the instructions for unsubscribing in our direct marketing communications. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.
We do not sell personal information to third party organisations to allow them to contact you for direct marketing purposes.
3 Keeping personal information secure
3.1 Security
Your personal information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store the personal information we hold about you. The security of your information is very important to us, and we have security measures to protect any personal, credit or sensitive information that we hold.
Before disclosing personal information to a customer, we confirm the identity of that customer to prevent misuse or unlawful disclosure of the information.
We have security measures to ensure the physical security of personal information held on our premises and systems. When records containing personal information are no longer required, we delete the information or permanently de-identify it. In relation to data stored or transmitted electronically, we regularly review developments in security and encryption technologies. Unfortunately, no data transmission over the internet can be guaranteed as completely secure. We take all reasonable steps to protect the information in our systems from misuse, interference, loss, and any unauthorised access, modification, or disclosure.
We take reasonable steps to preserve the security of cookie and personal information in accordance with this policy. If your browser is suitably configured, it will advise you whether the information you are sending us will be secure (encrypted) or not secure (unencrypted).
3.2 Data breaches
A data breach occurs if personal information that the Group or its Entities hold is subject to unauthorised access or disclosure or is lost. We will take all reasonable steps to prevent a data breach from occurring.
A data breach will be notified to you and the Australian Privacy Commissioner (Commissioner) if:
• There is unauthorised access to or disclosure of your personal information.
• The unauthorised disclosure is likely to result in serious harm to you; and
• We have been unable to prevent the likely risk of serious harm with remedial action.
We will also conduct an assessment if it is not clear if a suspected data breach meets the above criteria. The assessment will determine whether the data breach is an ‘eligible data breach’ that triggers notification obligations to you and to the Commissioner.
Once you are notified about a data breach that we have assessed as an eligible data breach, you are encouraged to take steps to reduce your risk of harm, through measures such as changing passwords and being alert to identity fraud or scams.
4 Access and correction of personal information
4.1 Access
You are entitled under the Privacy Act to access the personal information we hold about you and (if it is reasonable and practicable) to do so in a manner that you request.
We will need to validate the identity of anyone making an access request, to ensure that we do not provide your information to anyone who does not have the right to that information.
We will provide you access within 30 days if it is reasonable and practicable to do so, but in some circumstances, it may take longer (for example, if we need to contact other entities to properly investigate your request).
There may be situations where we may refuse to provide you with access, such as where the information relates to existing or anticipated legal proceedings, if the request is vexatious or if the information is commercially sensitive. If access is refused, we will give you a notice explaining our decision to the extent practicable and your options to make a complaint.
We do not usually charge you for access to your personal information. However, if the request is complex, we may charge you the marginal cost of providing the access, such as staff costs of locating and collating information or copying costs.
4.2 Correction
If you feel that the personal information, we hold about you is incorrect, you can contact us at any time to request that we correct that information. If you would like to do so, please contact our Privacy Officer using the contact details in Part 8 below.
If appropriate we will correct the information at the time of the request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal information. We may need to consult with other entities as a part of our investigation (including other credit providers or CRBs). We will normally try to resolve correction requests within 30 days of you making a request. There will be no cost to you if we correct your personal information held by us.
5 Complaints
If you believe that we have not complied with our obligations relating to your personal information
(Including your credit information and sensitive information), please contact Winyama Legal via:
Phone: (08) 6333 0372 between 9:30am and 4:30pm Monday to Friday
Email: enquiries@winyama.com.au
We will investigate your complaint and respond within 30 days with a proposed resolution.
If you feel we have not properly dealt with a complaint, you may contact the Office of the Australian Information Commissioner at enquiries@oaic.gov.au or on 1300 363 992.
6 Updates
We may review and amend this Privacy Policy from time to time to address changes to laws and to reflect our current operations and practices.
You can obtain a copy of the current version on request.