EML Payment Solutions Limited Privacy Statement
Dated January 2016
EML Payment Solutions Limited is committed to protecting your privacy. We maintain robust physical, electronic and procedural safeguards to protect personal information in our care. This Privacy Statement applies to the EML website, products and services and governs data collection and usage.
We are bound by the Privacy Act 1988 (Cth) (‘Privacy Act’) and will protect your personal information in accordance with the Australian Privacy Principles.
These principles govern how we collect, use, hold and disclose your personal information, as well as how we ensure the quality and security of your personal information.
What is personal information?
Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from their information. This may include your name, address, telephone number or email address.
How do we collect personal information?
EML is a payments processor of reloadable and non-reloadable prepaid card products and services in Australia.
EML main functions and activities it performs as a payments processor include:
- Card issuing, payment clearing and settlement;
- Platform Hosting and transaction processing;
- Application support and development;
- Program maintenance and reporting;
- Account management services;
- Cardholder and Card Program Sponsor customer service; and
- Fraud and transaction monitoring.
EML rarely has direct contact with the individual cardholder and we may need to collect personal information about you from other people or organisations. This may happen without your direct involvement. For instance, we may collect personal information about you from other organisations, who jointly with us, provide products or services to you.
The circumstances in which EML will collect personal information about you, as the cardholder, includes when:
- you contact us; or
- you register or apply for a Card; or
you use a Card for transactions and balance enquiries.
What personal information do we collect?
EML collects and/or tracks the following types of personal information:
- The personal information you have provided us through our online card activation process including:
- e-mail address;
- home or work address; and
- telephone number.
- There is also information about your computer hardware and software that is automatically collected by EML. This information can include:
- your IP address;
- browser type;
- domain names; and
- access times.
- Information we receive from third parties including card program sponsors, credit bureaus and information services and aggregation businesses, regarding verification of identification details.
Throughout the life of your product or service, we may collect and hold additional personal information about you. This could include transaction information or making a record of queries or complaint you make.
For what purposes do we collect, hold, use and disclose personal information?
The main reason we collect, use, hold and disclose personal information is to provide you with products and services.
- checking whether you are eligible for the product or service;
- providing the product or service; and
- assisting you with your inquiries or concerns.
We may also collect, use and exchange your information so that we can:
- establish your identity;
- manage our risks and help identify and investigate illegal activity, such as fraud;'
- contact you;
- comply with our legal obligations and assist government and law enforcement agencies or regulators;
- conduct research and training; or
- provide general statistics regarding use of the EML website.
EML encourages you to review the privacy statements of websites you choose to link to and from EML so that you can understand how those websites collect, use and share your information. EML is not responsible for the privacy statements or other content on websites outside of the EML website.
Is the information disclosed to third parties?
EML may disclose your personal information to third parties:
- who are service providers, contractors or card program sponsors of EML;
- to facilitate the operation of the card and the completion and settlement of transactions using the card;
- for anti-money laundering, counter-terrorism financing, detection of crime, legal compliance and fraud prevention purposes; and
- when required or allowed by law.
When your personal information is shared with service providers or contractors, it will only be to the extent reasonably necessary for the purpose of the services they are contracted to provide.
When your personal information is shared with program sponsors, it will only be to the extent reasonably necessary for the purpose of performing any necessary cardholder customer support, conducting statistical analysis, improving their product, services and practices.
EML may also disclose Personal Information to other third parties in circumstances where:
- We must fulfil our legal obligations (for example, disclosure to Australian (and international) enforcement bodies such as the Australian Securities and Investments Commission (ASIC), the Australian Taxation Office (ATO), the Australian Transaction Reports and Analysis Centre (AUSTRAC), Centrelink or the Courts);
- It is in the public interest (that is, to protect our interests or where we have a duty to the public to disclose, or where it is necessary in proceedings before a court or tribunal) and where a crime or fraud is committed or is suspected; or
- It can be reasonably inferred from the circumstances that the Cardholder has consented to their Personal Information being disclosed to a third party.
EML does not use or disclose the Personal Information for any other purpose unless one of the following applies:
- The individual has consented;
- The individual would reasonably expect EML to use or disclose the Personal Information for a purpose that is related to the primary purpose; or
- Use or disclosure is required under Australian law.
As a matter of course, EML does not disclose personal information to overseas recipients.
If this position changes, we will only send your personal information outside Australia where, for example:
- You have requested or consented that we send your Personal Information;
- We outsource a function or service to an overseas contractor with whom we have a contractual relationship; and
- It is necessary to investigate or facilitate a transaction on your behalf.
We will not send your personal information outside Australia unless it is authorised by law and we are satisfied that the recipient of the Personal Information has adequate data protection arrangements in place.
EML will continue to keep your personal information as is reasonably necessary, for the purposes mentioned above, after the expiry of the Card.
EML does not collect, use or disclose sensitive personal information, such as race, religion, or political affiliations.
Your consent is important
EML may require your consent to use and/or disclose your information in particular ways.
We need your consent if we use your information for a purpose that is not related to the purpose for which we collected your information in the first place.
Depending on the circumstances, this consent may be express (for example, you expressly agree to the specific use of your information by ticking a box) or implied by some action you take or do not take (for example your agreement is implied by the fact that you have agreed to your product terms and conditions which contains information about the use of disclosure).
Do we collect personal information electronically?
Each time you visit our website, we collect information about your use of the website, which may include the following:
- The date and time of visits;
- Which pages are viewed
- How users navigate through the site and interact with pages;
- Location information about users
- Information about the device used to visit our website; and
- IP addresses.
Security of your Personal Information
EML protects your personal information from unauthorised access, misuse and disclosure.
Our security safeguards include:
|Physical Security||We have protection in our buildings against unauthorised access such as alarms, cameras and 24/7 monitored building access. We maintain physical security, such as locks and security systems over our paper and electronic data stores and premises|
|Staff education||We train and remind our staff of their obligation with regard to your information|
|System security||When you transact with us we encrypt data sent from your computer to our systems. Where appropriate, we have firewalls, password protection, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses accessing our systems. When personal information is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol. We also limit access by requiring use of passwords.|
|Destroying data when no longer required||Where practical, we keep information only for as long as required (for example, to meet legal requirements or our internal needs).|
|Payment Card Industry (PCI) Data Security Standard (DSS)||The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. The standard provides an actionable framework for developing a robust account data security process – including preventing, detecting and reacting to security incidents. We have achieved the highest level of PCI DSS accreditation ensuring our customers are afforded the upmost protection and reliability of our implemented processes, systems and environment.|
Protecting your privacy
You can help us to protect your privacy by observing our security requirements and contacting us immediately if your contact details change.
We require you to keep your personal identification number (PIN), passwords and access codes confidential and secure at all times. This means that you should not disclose you PIN, passwords or access codes to any other person. You should contact EML immediately, if you believe that your PIN, passwords or access codes may have been disclosed to another person or if you would like to change your PIN or password.
Access to your personal information
You are entitled to ask us to supply you with any personal information that we hold about you. You must submit your request in writing to the appropriate address as below:
EML Payment Solutions Limited
Level 2, 26 Commercial Road
We maintain the quality of your personal information by taking reasonable steps to ensure that the information collected, used and disclosed is accurate, complete and up-to-date.
You may also update your personal information at any time by contacting EML on 1300 739 889 or emailing firstname.lastname@example.org.
How to make a complaint
EML welcomes your comments regarding this Privacy Statement. Should you wish to make a complaint about the way in which EML has handled your personal information or if you believe EML has breached the Australian Privacy Principles, please contact us at email@example.com or on 1300 739 889.
We will acknowledge your complaint as soon as we can after receipt of your complaint. We will let you know if we need any further information from you to resolve your complaint.
We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five business days but some complaints take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.
If you’re not satisfied with our handling of your matter, you can refer your complaint to external dispute resolution.
Under the Privacy Act you may complain to the Office of the Australian Information Commissioner by calling them at 1300 363 992, online at www.oaic.com.au or writing to the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.
Changes to this Statement
EU-US Privacy Shield
EML is a payment systems processor and program manager of payment card programs for clients and individuals that register prepaid cards in the European Economic Area (EEA). EML primarily handles anonymous forms of payment; however, certain lines of business require or allow for the collection, processing, and transmission of personally identifiable and nonpublic personal information. EML stores, processes, and transmits data in a safe and secure manner to and from assets located within the United States of America.
The Federal Trade Commission has jurisdiction over EML’s compliance with the Privacy Shield.
In accordance with the EU-U.S. Privacy Shield Principles, EML has a liability in cases of onward transfers to third-parties and complies with the Notice and Choice Principles for all data disclosed or transferred to a third-party.
EML will adhere to EU-U.S. Privacy Shield Principles in using data to (1) reasonably provide, maintain, protect, improve services; (2) investigate fraud or report a card lost or stolen; and (3) respond to legal requests from public authorities to meet national security or law enforcement requirements.
EML enables individuals to exercise rights to access their personal information and choices provided to them through EU-U.S. Privacy Shield Principles. Within 45 days of a written request, EML will make reasonable efforts to grant individuals access to any personal information held by them. EML will provide access so that the individual may review, correct, amend, or request deletion of their personal data. EML offers individuals the opportunity to opt-out of (1) personal information being disclosed to third-party, or (2) personal information being used for a purpose other than the intended use or as otherwise authorized by the individual.
In compliance with the Privacy Shield Principles, EML commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact EML at: firstname.lastname@example.org
Or by mail at:
EML USA, LLC
Attn: Privacy Officer
8330 Ward Parkway, 4th Floor
Kansas City, MO 64114
EML commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to data transferred from the EU.
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Further information is available at this link: https://www.privacyshield.gov/article?id=ANNEX-I-introduction