About this policy
This policy applies to IOR Petroleum Pty Ltd (ABN 36 009 653 070), IOR Aviation Pty Ltd (ABN 60 056 487 453) and its related bodies corporate in Australia from time to time (collectively referred to as “we” throughout this policy). It outlines how we manage the personal information and credit-related personal information we hold about our customers, potential customers, contractors and others.
We are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (“Privacy Act”) and any applicable parts of the credit reporting requirements in Part IIIA of the Privacy Act and the Credit Reporting Code of Conduct.
Under the Privacy Act, and throughout this policy, “personal information” is information or an opinion about an individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in material form or not.
In this policy, where we refer to “you” or “your”, we are referring specifically to natural persons as opposed to other entities such as partnerships, trusts and companies.
MANAGEMENT OF PERSONAL INFORMATION
How do we collect personal information?
We collect personal information that is necessary for our business activities and in order to provide and develop our services.
The main way in which we collect personal information is through hardcopy forms or through forms provided on our website or apps (for external users) and intranet (for employees). We may also collect personal information when you provide your credit card or banking details, by recording telephone calls made to us or our call centre, in face-to-face meetings and in interviews. We may also record your image and activities on CCTV footage taken on our premises.
We may collect personal information from third parties, such as from referees in the case of prospective employees or applicants for credit, publicly available information, other credit providers, credit insurers and commercial credit reporting organisations.
What types of personal information do we collect?
The personal information we may collect about you is dependent upon your relationship with us. The following are some examples of the types of personal information that we may collect from individuals:
(a) In the recruitment context:
- application forms – name, addresses, telephone numbers;
- resume details – which will usually include details such as an individual’s name, address, telephone numbers, academic qualifications, employment history, and referees;
- reference checking;
- pre-employment medical (with the prospective employee’s consent);
- psychological and drug testing; and
- criminal record checks.
(b) Commercial customers
- personal details – including names, addresses, telephone numbers, copy of drivers licences, vehicle registration numbers and unique assigned identification numbers;
- financial details including banking details – for payments (where applicable);
- credit application form (if you or a company of which you are a director applies for credit, or if you propose to guarantee credit applied for by another person) – including name, company, postal and email addresses, mobile phone number, date of birth, bank account details and drivers licence number. We will also collect information contained in credit reports obtained from credit reporting bodies, which includes information about your credit history with other credit providers. We will also collect and hold scores, ratings, summaries, evaluations and other information about your credit worthiness which is derived by us or by credit reporting bodies wholly or partly from any of such information.
(c) Customers generally
- CCTV footage within certain areas (where signed);
- monitoring and/or recording interactions with customer service representatives at our call centre – customers’ conversations with our call centre may be monitored and/or recorded for coaching, training, record keeping and dispute resolution purposes. Callers will be notified at the outset if such monitoring or recording is to occur and be given the option not to have the call recorded. We may, even if the phone call is not recorded, collect personal information during those telephone calls to assist with your query; and
- competitions and contests – we may use the personal information collected from competitions and contests (for example, the contestant’s name and address) to market certain of our products to the contestants. Where we intend to do this, we will advise the contestant of this in the competition’s terms and conditions.
- personal details – including names, addresses, telephone numbers; and
- financial details – including bank account details.
How do we use and disclose personal information?
The personal information you provide us may be used for a number of purposes connected with our business operations, which include to:
- facilitate provision of our products and services to you;
- establish a commercial account for you;
- assess and process your credit application or your application to guarantee credit applied for by another person – see below for further information;
- ensure the security of our equipment and monitor the distribution of fuel;
- respond to your customer service or other enquiries;
- better understand your needs;
- assess your employment application; and
- provide you with information about our products and services (as further described below).
Subject to the exceptions set out in the Australian Privacy Principles (for example, the use or disclosure of personal information when permitted by law, or with your consent), we will only use and/or disclose your personal information for:
- the primary purpose for which it is collected; or
- a related purpose, where you would reasonably expect that it be used and/or disclosed without your further consent.
This means that generally we will only disclose your personal information internally and/or to a third party contracted to provide services to us and only if necessary for one of the purposes referred to above.
The third parties that we may use vary depending on the particular circumstances in each case, but typically fall into the following categories:
- insurance companies;
- trade promotion agencies;
- insurance assessors;
- billing and mailing houses;
- delivery contractors;
- IT service providers;
- superannuation funds;
- credit reporting agencies; and
- payment fulfilment and fraud prevention service providers.
Will we send you marketing material and what can you do to stop that?
Your personal information may be used so that we, our related bodies corporate, agents and contractors can provide you with information about our products and services, such as by way of direct mail or telemarketing, and, where you have opted in, by email, SMS and MMS, or to request your feedback for promotional purposes.
If you have received marketing material from us and you wish to stop it, you can write to the Privacy Officer at the address set out below. We will not charge you or in any way disadvantage you if you choose to opt out of receiving marketing material.
We will not disclose your personal information to a third party for that third party to send you its marketing material unless we have obtained your consent. We may occasionally provide our marketing material to third parties to distribute on our behalf to individuals who have consented to receiving that material.
When do we share information?
We generally will only disclose personal information to third parties without your consent if that disclosure is necessary for the purpose(s) for which that information was collected. Set out below are some examples of where it is necessary for us to disclose personal information to third parties:
(a) In the recruitment context, we require prospective employees to complete documentation and submit to pre-employment checks, including completing application forms, reference checking, pre-employment medicals, psychological and drug testing and criminal record checks which involves disclosure of personal information to various third parties.
(b) Generally, and in a commercial context:
- Our related companies and business partners.
- Persons engaged in providing us with professional, business, technology and corporate services, when reasonably required (as further described above).
- Credit checks on new and existing individual customers – we may provide necessary personal information to our credit reporting organisations to ascertain an individual’s financial position if the person is a new or an existing customer.
- Competitions – in some cases we use third parties to run our competitions. In these instances, unless otherwise disclosed to the contestant prior to, or at the time of, entering the competition (normally set out in the competition’s terms and conditions), any personal information collected about a contestant will be returned to us.
- Video monitoring – all footage captured by CCTV is retained for a period, after which time it is erased, unless it is identified and retained for the purpose of investigating a specific incident. CCTV footage may be disclosed to the relevant police service, our external legal advisers and our relevant customer at our discretion and without further notice if an incident occurs.
The section ‘IOR Quickpay’ below describes how we collect, use and share your personal information when you purchase fuel through the IOR Quickpay app.
Unless you consent, we otherwise will not disclose your personal information to third parties.
Do we send your personal information overseas?
Some of the information systems we use store personal information are outside Australia. In the course of our ordinary business operations, your personal information may be stored in the United States of America and countries in the European Union.
Passive information collection technologies
Our website uses Google Analytics and other technologies, which passively collect information (which means it is collected without you actively providing it). The technologies we use collect information such as your IP address, your device’s unique identifier number, date, time and duration of your visit and the web address of the website that you visited before you arrived at our website.
We use the following Google Analytics Advertising Features:
- Remarketing with Google Analytics;
- Google Display Network Impression Reporting;
- Google Analytics Demographics and Interest Reporting; and
- collection of data via advertising cookies and identifiers.
Remarketing with Google Analytics uses the Google Analytics and/or third-party cookies to serve advertisements to you across the Internet based on your visit to our website.
We use personal information collected through these technologies on our website in order to optimise your online experience; cookies enable our website to work more efficiently with the device you are using to access our website. We also use this information in order to understand and measure your online experience and to make decisions about what products, services and promotions may be of interest to you. We do not use the personal information collected through these technologies for any other purpose, nor do we combine it with any other personal information we collect about you.
You can manage cookies in the settings of your browser. In particular, you can opt-out of Google Analytics Advertising Features through Ad Settings or by installing the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout/).
MANAGEMENT OF CREDIT REPORTING INFORMATION
What credit-related personal information do we collect?
We collect and hold credit-related personal information in connection with applications for commercial credit for business purposes. Examples of the types of credit-related personal information we may collect and hold include:
- identity particulars of individuals associated with the applicant for credit, including contact name, address, date of birth, phone numbers, employer and copies of their drivers licence. This information is mainly collected about the directors, partners, trustees or principals of the business, but some personal information may also be collected about others in that business (such as the account management staff or a guarantor where we deem necessary);
- financial information relating to directors, partners, trustees or sole traders, and any person who acts, or proposes to act, as a guarantor;
- historical insolvency information of directors, partners, trustees, sole traders or managers associated with a business applying for credit;
- commercial credit information of directors, partners, trustees or sole traders, anyone acting or proposing to act as a guarantor, or any individual applying for credit, including information about credit history with other credit providers. This information is obtained from credit reporting organisations where we believe it is necessary to assess the commercial credit worthiness of individuals associated with the applicant for credit, including guarantors;
- scores, ratings, summaries, evaluations and other information about your credit worthiness which is derived by us or by credit reporting organisations wholly or partly from any of such information; and
- where an application for commercial credit is made by a sole trader or partnership and we have made a request with a credit reporting organisation in connection with such an application, the type and amount of credit that has been applied for.
Why do we use and disclose credit-related personal information?
Personal information provided to us in connection with an application for commercial credit is principally used to assess and (where applicable) process that application and for the ongoing management of a credit account in the name of the applicant (if the application is successful), including reviews of credit limits, ordering behaviours and patterns, managing defaults and collecting payments, and otherwise as permitted by law. This may involve one or more of the following:
- assessing the commercial credit worthiness of the applicant, or individuals associated with the applicant (in the case of a business applying for commercial credit) where we deem that necessary, including obtaining commercial credit reports from credit reporting organisations;
- verifying the identity of the applicant, or individuals associated with the applicant;
- disclosing personal information to credit reporting organisations before, during or after the granting of credit to the applicant, including but not limited to identity particulars (as outlined above), commercial payment defaults of individuals and serious commercial credit infringements (mainly in relation to guarantors);
- obtaining and verifying personal information from a motor vehicle or land title registry or from a business that provides commercial credit worthiness information;
- providing to or exchanging personal information with any person whose name is given to us in connection with an application for credit;
- providing personal information to a credit insurer to insure the applicant’s or your debt to us;
- participating in the credit reporting system including providing information to credit reporting bodies and exchanging personal information with another credit provider who is named in an application for credit or in a credit report issued by a credit reporting organisation, or a credit provider who proposes to provide credit to an applicant, principally for (but not limited to) the following purposes:
- assisting an account holder from defaulting on its commercial credit obligations;
- assessing an account holder’s position if it falls into arrears; or
- notifying other credit providers of if an account holder defaults;
- continually reviewing and assessing your credit worthiness;
- deriving scores, ratings, summaries and evaluations relating to your credit worthiness (which are used in our decision-making processes and ongoing reviews);
- disclosing personal information to our collection agents and solicitors in the event of a default; and
- assisting any potential purchaser of all or part of our business in carrying out due diligence.
Some credit information may only be used or disclosed under the Privacy Act for some of the above purposes or in some circumstances.
Who is credit-related personal information obtained from or disclosed to?
Where the Customer applies for credit to be provided by IOR Aviation Pty Ltd, IOR Transport Pty Ltd or a related body corporate, the processing of that application and the management of the credit provided will be performed by IOR Petroleum Pty Ltd. Accordingly, IOR Aviation Pty Ltd, IOR Transport Pty Ltd or its related body corporate will share the Customer’s personal information and credit-related information with IOR Petroleum Pty Ltd for these purposes.
If you, or a company of which you are a director, apply to us for credit, we may obtain a credit report about you from a credit reporting organisation. We may also obtain a credit report about you (when the Privacy Act permits us to do so) if you have guaranteed, or have offered to guarantee, an application for a credit facility for a company or someone else.
We will provide information to the credit reporting body that identifies you, and we may give them information about the type and amount of credit applied for or provided to you (or your company).
We disclose commercial credit-related personal information to third parties in the circumstances and for the purposes described above, including to credit reporting organisations, credit providers, trade referees and credit rating service providers. Credit reporting organisations may include commercial credit-related personal information in reports provided to credit providers to assist them to assess an individual’s commercial credit worthiness.
When we request a credit report from a credit reporting organisation, we will disclose information to the credit reporting organisation that identifies you and we may also give them information about the type and amount of credit applied for or provided to you (or your company). Currently, we share credit-related personal information with the following credit reporting organisation:
PO Box 964
North Sydney NSW 2059
Phone 1300 762 207
Email [email protected]
To obtain a copy of your credit file held by Veda Advantage, or to view a copy of Veda Advantage’s policy about the management of credit-related personal information, please visit www.mycreditfile.com.au.
What are your rights in relation to credit reporting bodies?
(a) Opting out of direct marketing pre-screenings – a credit reporting organisation may use your credit-related personal information to assist a credit provider to market to you by pre-screening you for direct marketing by the credit provider. You have the right under the Privacy Act to request a credit reporting organisation to exclude you from such a direct marketing pre-screening by contacting that credit reporting organisation.
(b) If you are a victim of fraud – if you reasonably believe you have been, or are likely to be, a victim of fraud (including identity fraud), you have a right to request a credit reporting organisation not to use or disclose any credit-related personal information held by that organisation about you for a minimum of 21 days (referred to as a “ban period”). We reserve the right to delay or refuse any application for credit where we reasonably believe it requires credit-related personal information about an individual but we are unable to obtain such information because a ban period is in effect for that individual.
PROTECTION, ACCESS, CORRECTION AND COMPLAINTS
In this section, the term ‘personal information‘ includes credit-related personal information.
How do we protect personal information?
We store personal information in a range of paper-based and electronic forms:
(a) Paper Security – where personal information is stored in physical form, we may use a variety of mechanisms to protect the security and integrity of such information which might include:
- locking personal information in cabinets and only giving access to those employees who have a need to use it; and
- using other access control measures such as keyed access, security alarms and surveillance cameras to deter and detect unauthorised access.
(b) Computer and Network Security – we adopt a number of security measures to protect information from unauthorised access to our computer systems which include:
- access control for authorised users such as user names and passwords;
- limiting access to shared network drives to authorised staff;
- virus checking; and
- specialised IT support to deal with security risks.
(c) Communications Security – transmission of personal information may involve insecure telecommunications lines. Security of this personal information is enhanced by:
- checking facsimile numbers before sending personal information, and confirming receipt;
- PIN numbers and passwords required for some telephone and internet transmissions;
- identity checking before giving out any personal information; and
- encryption of data for high risk transmissions.
Personal information in our possession may be retained in archival storage. Generally, we will destroy personal information after a period of seven (7) years following its collection unless it is required, or may be required, to be kept for a longer period because of the purpose(s) for which it was originally collected.
Notifiable data breaches scheme
In the event of any loss or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, we will investigate and notify you and the Australian Information Commissioner, in accordance with the Privacy Act.
How can you access to your personal information?
If you want access to your personal information held by us, please put your request in writing and clearly identify the personal information you seek access to. This is important to ensure that your request can be dealt with quickly and cost effectively. All requests for access must be addressed to The Privacy Officer (see contact details below).
Depending on the circumstances, we reserve the right to charge you a reasonable administrative fee. For example, our reasonable administrative costs might include:
- reasonable staff costs in locating and collating the information;
- reasonable reproduction or photocopying costs; and
- reasonable costs involved in having someone explain the information to you.
If a fee is charged for providing access, you will be advised of the likely cost in advance.
We may not release the personal information where we are not required to do so under the Privacy Act. For example, if the information reveals a formula or the details of a commercially sensitive decision-making process, then, in these instances, we may decide to give you an explanation of the commercially-sensitive decision rather than direct access to the information.
What if your personal information is inaccurate?
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date.
You can request that we correct any personal information that we hold about you, if you believe that it is incorrect. You should contact us if your personal information changes. If we believe it is inappropriate to delete or alter the original information, we will discuss with you alternative ways of correcting the information that satisfies the needs of both parties.
Where a request to correct personal information relates to credit-related information, we will notify the individual of our decision as to whether we agree to correct that information in writing.
Where we do not agree to amend credit-related personal information held about you, we will provide you with reasons for our decision and details of how you may make a complaint about our decision.
How do you make a complaint?
If you wish to make a complaint to us about a possible breach of privacy, please provide full details of your complaint in writing and send it to the Privacy Officer (see contact details below). We will aim to resolve any such complaint (or at least to have responded and updated you on progress) within 30 days of the date of your complaint.
If your complaint specifically concerns credit-related personal information and you believe we have not complied with our obligations under the Privacy Act or, if applicable, the Credit Reporting Code of Conduct, we will acknowledge any complaint within 7 days of receiving it and aim to investigate and resolve complaints within 30 days. If that is not possible, we will seek to agree a longer period with you. We will notify you of the outcome of our investigation in writing, including details of how you make a complaint if you are not satisfied with our decision.
If you are not satisfied with our response, you can also make a formal complaint to the Officer of the Australian Information Commissioner (which is the regulator responsible for privacy in Australia):
Office of the Australian Information Commissioner (OAIC)
Complaints must be made in writing.
1300 363 992
Director of Compliance
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
How to contact us?
If you would like more information regarding our approach to privacy or how we handle your personal information you can write to:
The Privacy Officer
IOR Petroleum Pty Ltd
PO Box 576 Cannon Hill Qld 4170