Loading...

Privacy Policy

Your privacy is important to us

NexPay Privacy Disclosure Statement & Consent

This privacy statement is made on behalf of NexPay Pty Ltd ACN 153 910 984 (“NexPay”). All references to “NexPay”, “we”, “us” or “our” in this policy are references to NexPay Pty Ltd.

NexPay is committed to protecting your privacy and to compliance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and any amendments thereto. If you have any questions relating to this privacy statement or your privacy rights please contact us.

This Privacy Statement sets out the policy of NexPay for management of personal information. We are committed to ensuring the privacy of your information and recognise that you, as a customer, are concerned about your privacy and about the confidentiality and security of information that NexPay may hold about you.

By using our web site and/or our services, you consent to our collection, use and collation of your information as it appears within this policy. If at any time our information practices change in the future, we will amend the policy on our website. Should you have any immediate concerns about how your information is used, you should check our website periodically to ensure you are up to date with our current policy.

This Policy is designed to inform customers of –

  • The NexPay Privacy Policy;
  • What information we collect and the purposes for which we collect it;
  • Use and disclosure of information collected;
  • Security of your personal information;
  • Gaining access to information we hold about you;
  • What to do if you believe the information we hold about you is inaccurate;
  • Complaints in relation to privacy; and
  • How to contact us.

Personal Information

Personal information is information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. NexPay will also collect any personal information necessary for the purposes of complying with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

Information generally collected by NexPay includes (but is not limited to) the following (depending on the nature of the service provided):

  • your name, address and other contact details;
  • relevant financial information;
  • transaction purpose;
  • Identification and verification information;
  • Tax file numbers
  • Bank account information

Open and transparent management of personal information

NexPay seeks to ensure that personal information we hold about an individual is managed in an open and transparent manner. We have implemented procedures to ensure compliance with the Australian Privacy Principles and any applicable codes, and to deal with any complaints relating to our compliance therewith.

NexPay has a clear and up-to-date privacy policy outlining our management of personal information, including details regarding the kind of personal information we collect and hold; how and why we collect and hold this information, and how an individual may access and seek correction of the information we hold about them. We further provide details regarding our complaints handling process, our policy on disclosure of information to overseas recipients.

Collection of personal information

This policy details how NexPay adheres to the Australian Privacy Principles regarding the collection of solicited personal information. NexPay only collects personal information directly from individuals, which is reasonably necessary for the provision of our services, and only by lawful and fair means. We will always ensure you are apprised of our purpose in collecting information, and your right to gain access to such information. If you do not provide the information requested, we may be unable to provide you with our services.

Please note that generally we will only use the personal information we collect for the main purposes disclosed at the time of collection such as to provide you with financial services. We may also use your contact information to provide you with information regarding our other products from time to time, where we believe these may be of interest or benefit to you.

Where possible we will collect the information directly from you but certain information may be collected about you from other sources, for example, a referring third party. You herewith consent to such indirect collection of information in these circumstances, unless you advise us otherwise.

Unsolicited personal information

Where we receive personal information about an individual which is unsolicited by us and not required for the provision of our services, we will destroy the information (provided it is lawful and reasonable for us to do so).

Notification of the collection of personal information

When we obtain personal information about you, we ensure that you have our contact details and that you are aware of the collection of information and our purposes for doing so. As per above, we are unable to provide certain services if the requested information is not provided. We do not disclose your information to third parties, unless they are related entities or services providers, in which case they are required to conform to our procedures.

Use and disclosure of personal information

NexPay collects and holds personal information about an individual for the purpose of providing remittance services. We collect this information with your consent as per our service documentation, for the primary purpose disclosed to you at the time of collection.

However, in some cases NexPay will use or disclose personal information for secondary purposes (any purpose other than a primary purpose). Personal information obtained to provide remittance services may be applied to secondary purposes if the secondary purpose is related to the primary purpose of collection and the person concerned would reasonably expect the personal information to be used or disclosed for such secondary purpose. NexPay may also provide your personal information to third parties in order to provide you with our remittance services.

We may exchange or supply your personal information with/to our professional advisers or agents, external service providers, your nominated professional advisers or representatives, government departments/agencies/bodies, other financial institutions, our insurers, or debt collectors. Examples include disclosure of your information to an external party providing electronic identification services, or to intermediary banks in order to process transactions on your behalf.

We may also disclose your personal information without consent where it is required or authorised by law.

Direct Marketing

NexPay will only use personal information obtained for the provision of remittance services, for the secondary purpose of direct marketing where:

  1. NexPay collected the personal information from the individual; and
  2. The individual would reasonably expect NexPay to use or disclose the information for the purpose of direct marketing; and
  3. NexPay provides a simple means through which an individual can request to not receive marketing communications; and
  4. The individual has NOT requested such communications cease.

Please note that NexPay allows an individual to opt out of the receipt of direct marketing in each direct marketing communication. You can change your mind about receiving information at any time by emailing us at support@nexpay.com.au . On occasion, the law requires us to advise you of certain changes to products/services or regulations. You will continue to receive this information from us even if you choose not to receive direct marketing information from us. We will not disclose your information to any outside parties for the purpose of allowing them to directly market to you.

Cross border disclosure/Sensitive information/Use of government identifiers/Anonymity & Pseudonymity

NexPay does not, for the purposes of the Privacy Act, collect sensitive information. Wherever lawful and practicable, individuals may deal anonymously with NexPay but given the nature of our services, it is unlikely that this will be a viable option. NexPay does not use official identifiers (e.g. tax file numbers) to identify individuals. An individual’s name or Australian Business Number is not an identifier for the purposes of the Privacy Act and hence may be used to identify individuals.

NexPay will only share/transfer personal information with overseas entities or persons to facilitate your transactions or comply with our legal obligations. Such entities or persons may include overseas intermediary banks, as well as our overseas branches and service providers (who will be required to comply with our privacy policy).

Access to personal information

Where a person requests access to their personal information, our policy is, subject to certain conditions (as outlined below) to permit access. We will not charge an individual for reasonable access and correction requests. If a person wishes to access their personal information or correct it, they should contact the Privacy Officer, and we will seek to provide such information within a reasonable period of time, and in the manner so requested (where reasonable to do so).

NexPay may not always be able to give you access to all the personal information we hold about you. If this is the case, we will provide a written explanation of the reasons for our refusal, together with details of our complaints process for if you wish to challenge the decision.

We may not be able to give you access to information in the following circumstances:

  1. Where we reasonably believe this may pose a serious threat to the life, health of safety of any individual or to public health/safety;
  2. Which would unreasonably impact the privacy of another individual;
  3. Where such request is reasonably considered to be frivolous or vexatious;
  4. Which relates to existing or anticipated legal proceedings which would otherwise not be accessible in the discovery process relating to such proceedings;
  5. Which would reveal our intentions and thereby prejudice our negotiations with you;
  6. Which would be unlawful;
  7. Which is prohibited by law or a court/tribunal order;
  8. Which relates to suspected unlawful activity or serious misconduct, where access would likely prejudice the taking of appropriate action in relation thereto;
  9. Where enforcement activities conducted by or on behalf of an enforcement body may be prejudiced; or
  10. Where access would reveal details regarding a commercially sensitive decision-making process.

Correction of personal information

NexPay takes all reasonable steps to ensure the personal information held about individuals is accurate, up-to-date and complete. We verify personal information at the point of collection.

Where NexPay believes information we hold about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, OR an individual requests us to correct information held about them, NexPay will take all reasonable steps to correct such information in a reasonable time frame. No fees are payable for such requests. If you request us to similarly advise a relevant third party of such correction, we will facilitate that notification unless impracticable or unlawful for us to do so.

If NexPay intends to refuse to comply with your correction request, we will notify you in writing of our reasons for such refusal, and the complaints process you may avail if you wish to challenge that decision. You may also request that we associate the personal information we hold with a statement regarding your view of its inaccuracy.

If you believe any of your personal information is incorrect, has changed, or is out-of-date please notify NexPay as soon as possible via email – support@nexpay.com.au or via phone 1300 786 320.

Security of personal information

We take reasonable steps and precautions to keep personal information secure from loss, misuse, and interference, and from unauthorised access, modification or disclosure

Personal information imaged and stored on electronic databases requires password access and access is restricted to authorised personnel.

Where information is no longer required to be held or retained by NexPay for any purpose or legal obligation, we will take all reasonable steps to destroy or de-identify the information accordingly.

Cookies

cookie is a small text file placed on your computer hard drive by a web page server. Cookies may be accessed later by our web server. Cookies may store information about your use of our web site. Cookies also allow us to provide you with more personalised service when using our web site.

Most web browsers are set to accept cookies but you may configure your browser not to accept cookies. If you set your browser to reject cookies you may not be able to make full use of the NexPay web site.

To administer and improve our Web site, we may use a third party to track and analyse usage and statistical volume information, including page requests, form requests, and click paths. The third party may use cookies to track behavior and may set cookies on behalf of us. These cookies do not contain any personally identifiable information.

Privacy Complaints

If you have a complaint relating to our compliance with privacy laws or our treatment of your personal information, please contact our Privacy Officer at the contact details above. We will investigate your complaint and endeavour to resolve the issue to your satisfaction. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with the Office of the Australian Information Commissioner by telephoning 1300 363 992 or visiting their website at www.oaic.gov.au



European Union Privacy

Your Rights

This statement is made on behalf of NexPay Pty Ltd ACN 153 910 984 (“NexPay”). All references to “NexPay”, “we”, “us” or “our” in this policy are references to NexPay Pty Ltd and its subsidiaries.

In addition to the principles detailed in the NexPay Privacy Disclosure Statement & Consent (‘the policy’), NexPay is committed to protecting your privacy under legislation and best practice requirements across all jurisdictions in which it operates.

In offering its services to UK and EU based individuals, NexPay complies with, amongst other legislation, the General Data Protection Regulation (‘GDPR’) (EU Regulation 2016/679).

This addendum sets out the specific requirements for the processing of personal information under the GDPR requirements. Where no specific differences are detailed, ‘the policy’ provides the default approach and overriding principles.

The addendum is designed to inform customers in relation to the following principle rights:

  • Right of Access: the right to be informed of and request access to the personal data we process about you;
  • Right to Rectification: the right to request that we amend or update your personal data where it is inaccurate or incomplete;
  • Right to Erasure: the right to request that we delete your personal data;
  • Right to Restrict: the right to request that we temporarily or permanently stop processing all or some of your personal data;
  • Right to Object:
    1. the right, at any time, to object to us processing your personal data on grounds relating to your particular situation;
    2. the right to object to your personal data being processed for direct marketing purposes;
  • Right to Data Portability: the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
  • Right not to be subject to Automated Decision-making - the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

The Addendum further informs EU based individuals of

  • What information we collect and the purposes for which we collect it;
  • Use and disclosure of information collected;
  • Security of your personal information;
  • Gaining access to information we hold about you;
  • What to do if you believe the information we hold about you is inaccurate;
  • Complaints in relation to privacy; and
  • How to contact us.

Personal Information

As mentioned in ‘the policy’, information generally collected by NexPay includes (but is not limited to) the following (depending on the nature of the service provided):

  • Your name, address, email and other contact details;
  • Relevant financial information;
  • Transaction purpose;
  • Identification and verification information;
  • Tax file numbers
  • Bank account information

This information is collected solely from you and will not be obtained from third party sources.

Processing:

In adherence to GDPR legislation, the above personal data is processed by NexPay for the following purposes:

  1. In order to allow your transactions and instructions to be processed and notification provided to you relating to the status of such. Also to allow your education agent and/or education provider to receive approved feedback from NexPay in relation to your transaction. The legitimate grounds for this processing is the performance of a contract to which you are a party.
  2. For the purposes of preventing fraud or criminal acts. The legitimate ground for this processing is the pursuing of the legitimate interest of NexPay to protect its businesses/interests against losses caused by fraud or criminal acts.
  3. In order to comply with NexPays legal obligations under applicable legislation relating to the fight against money laundering and the financing of terrorism or to comply with a request from law enforcement authorities and other legal or administrative authorities. The legitimate ground for this processing is the compliance with a legal obligation to which NexPay is subject or the processing is necessary for the performance of a task carried out in the public interest.

The provision of personal data is either a contractual or a statutory requirement and is obligatory since without this personal data NexPay cannot:

  1. enter into a contractual relationship with you or your agent,
  2. protect its own business/interests, or those of any other third party against losses caused by fraud,
  3. comply with legal obligations related to the fight against anti-money laundering and the financing of terrorism and comply with requests from law enforcement authorities and other competent legal authorities.

Communicating

NexPay will not communicate your personal data to third parties, except in the following limited circumstances:

  1. Communication by NexPay to any third party that is involved in the processing of the payment, its suppliers, subcontractors or other parties with whom NexPay has a contractual relationship and that provide services for / assistance to NexPay in the framework of:
    1. the performance of the agreement between you and NexPay, and/or
    2. fraud prevention or the prevention of criminal acts.
  2. To comply with its legal obligations, namely if NexPay is required by law to communicate certain information or documents to national regulators, law enforcement authorities or any judicial authority in the countries and territories in which it operates. Communication of personal data to those entities will be limited to the extent necessary or required under the applicable regulations.

NexPay will communicate your personal data to any organisation without your consent and where it is not used for the purposes specified. NexPay will also not provide you with direct marketing without your explicit consent and will not provide your personal data to any other direct marketing organisation.

Retention

NexPay will keep your personal data only as long as necessary to provide you with legitimate and essential business purposes or for complying with our legal obligations and resolving disputes.

If you request, we will delete or de-identify your personal data, unless we are legally required to maintain it, in which case we will let you know.

Transfer to other countries

NexPay may transfer your data outside of the EU and Switzerland to group companies, to provide you with effective services and support our contractual obligations to you. NexPay’s platform uses best in class encryption algorithms and protocols to secure your data, as well as strong multi-layered password protection.

To maintain continuity of service and effective contingency, NexPay data is hosted in multiple overseas locations managed by Microsoft Azure. Microsoft Azure is also fully compliant with GDPR regulations. It is policy for NexPay to ensure that all existing or prospective partners, that may host personal data, are similarly compliant.

NexPay is committed to protecting users personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.

Your password protects your user profile and we encourage you to use a unique and strong password, limit access to your computer and browser, and log out after having used the NexPay platform.

Children’s Data

NexPay does not knowingly collect from children under 16 years. If you are under 16 years of age please do not use NexPay and do not provide any personal data to us.

If you are a parent or guardian of a child under 16 years of age and become aware that your child has provided personal data to NexPay, please contact us though the support contact details in this addendum.

If we learn that we have collected the personal data of a child under the age of 16 years, we will take reasonable steps to delete the personal data.

Access to your Personal Data

You are entitled to access your data. If you would like to do so please contact the NexPay Privacy Officer by email at support@nexpay.com.au

Privacy Complaints

If you have a complaint relating to our compliance with privacy laws or our treatment of your personal information, please contact our Privacy Officer at support@nexpay.com.au or on the either of the following numbers

NexPay Limited UK : +44(0)1753 968063

NexPay Pty Ltd : +612 90787967

We will investigate your complaint and endeavour to resolve the issue to your satisfaction. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

The supervisory authority of the NexPay parent company (NexPay Pty Ltd) is The Office of the Australian Information Commissioner. Please visit their website at www.oaic.gov.au

Changes to this Notice

This addendum will be reviewed annually or as required under changes to the GDPR regulation.

Effective Date May 25th 2018