APCA is committed to protecting and maintaining the privacy, accuracy and security of an individual’s personal information.
This Privacy Statement describes how APCA manages the personal information that it may collect, hold, use or disclose for the purposes of its functions and activities.
APCA’s Role in Payments Industry
APCA exists to advance the common interest of members and the interests of the Australian public in improving the Australian payments system, through:
- enabling competition and innovation;
- promoting efficiency; and
- controlling risk.
As Australia’s leading payments industry representative organisation, it is our role to promote:
- thought leadership and advocacy;
- industry collaboration;
- self-regulation; and
- system-wide standards.
We work with government and public regulators and undertake our activities with transparency, fairness, rigour and integrity.
APCA is bound by the private sector provisions (other than the credit reporting provisions) of the Privacy Act 1988 (Cth) (“Privacy Act”).
Our policy is to comply with those provisions of the Privacy Act. This policy is made in accordance with Australian Privacy Principle 1, and describes APCA’s policies for handling personal information that we may collect, hold, use or disclose for the purposes of our functions and activities.
What personal information does APCA collect and hold?
The personal information we collect and hold may include your name, title, business address, other contact details and other information that we consider is reasonably necessary (such as information about your opinions, policies, statements and writings) so we can perform our legitimate functions and activities.
We will not collect sensitive personal information about you unless we have your express or implied consent or if the law otherwise permits it.
Personal information that we collect is stored or held securely by APCA or in archives maintained by a third party information storage provider.
How is personal information collected?
As well as collecting personal information from you directly or from our members, we collect personal information from oral sources, from correspondence and other written material either sent to us or from publicly available sources of personal information such as newspapers, electronic media, records of proceedings and public registers.
When you visit our website, your domain name is recorded in our logs. This information is used for statistical and web development purposes only. APCA also collects personal information from this website through receiving subscription applications and emails. APCA may use external service providers to analyse traffic on this website. Generally, information collected through such analysis is anonymous.
Where we consider that you may not be aware or would not have expected that we had collected personal information about you we will take such steps as are reasonable in the circumstances to let you know that we have collected the personal information, our purpose in collecting it, to whom we would usually disclose the information and whether it is likely that we would disclose the information to overseas recipients including the countries in which those recipients are located if it is practicable for us to specify those countries.
Purposes of collecting, holding, using and disclosing personal information
In general, APCA will use and disclose your personal information for the following purposes:
- to conduct APCA’s business;
- to provide APCA’s services;
- to communicate with you and to facilitate communication between members; and
- to help APCA manage and enhance its services.
Specific purposes include:
- to enable us to communicate with our members and other organisations and individuals involved in the payments industry; and
- to identify, understand and respond to policies, ideas, attitudes and opinions of those parties in representing the interests of our members.
Disclosure of personal information
We may disclose personal information to:
- our members;
- those organisations as required or authorised by law; and
- external parties such as: your representatives, including your legal advisers;
- our representatives, such as our legal advisers;
- service providers such as printers and posting services and organisations involved in the provision and maintenance of our business systems and infrastructure; and
- those organisations where you have consented.
APCA works closely with other payments industry representative organisations and associations in other countries. Disclosures may occur outside Australia to overseas recipients in which case we will observe the applicable Australian Privacy Principles.
Otherwise, in connection with any specific occasion on which such a disclosure may occur, at or before the time we collected your personal information, it would not be practicable for us to specify the countries in which these recipients are likely to be located.
Where your personal information is disclosed, we will seek to ensure that the information is held, used or disclosed consistently with the applicable Australian Privacy Principles and other applicable privacy laws and codes.
Management of personal information
We will keep your personal information securely, having regard to its nature and source. Arrangements are in place to safeguard the information against unauthorised access, modification, disclosure and interference and from loss and misuse.
We will destroy or permanently de-identify your personal information we are holding when it is no longer needed for the purpose for which we collected it. When we destroy your personal information we will ensure that this is carried out properly and securely.
We train our staff about the requirements of the Privacy Act and the need for compliance with the Privacy Act. Additionally, we have a designated person within our office, the Head of Regulation, who is responsible for our overall compliance with the Privacy Act and this policy.
If you would like more information about how we manage your personal information please contact us (see “Contact details” below).
Access to personal information
You may request access to your personal information that we are holding (see “Contact details” below). Before giving you access we may need to establish your identity by sighting some form of identification or asking you some questions.
You may ask us to correct your personal information that we are holding if you believe it is incomplete, inaccurate, irrelevant, out of date or misleading.
This access is subject to some exceptions allowed by law. For example, we can deny you access where access would:
- be unlawful;
- pose a serious threat to the life, safety or health of an individual or to public health or safety;
- have an unreasonable impact on the privacy of others;
- involve disclosure of a commercially sensitive decision making process;
- prejudice enforcement activities such as criminal proceedings or negotiations with you; or
- reveal certain information relevant to legal dispute resolution proceedings.
We may also deny your request for access if it is frivolous or vexatious.
We will give you reasons if we deny your request.
Complaints about privacy
If you believe APCA has breached its obligations under the Privacy Act, you may complain to the Head of Regulation at APCA.
Your complaint may be made by telephone, mail, email or fax (see “Contact details” below).
We will acknowledge receipt of your complaint within 2 business days and will attend to your complaint and endeavour to resolve it within 14 business days.
If, after this, you are not satisfied with the outcome, you are entitled to complain to the Federal Privacy Commissioner.
The office of the Privacy Commissioner can be contacted on 1300 363 992 or go to the Commissioner’s website at http://www.oaic.gov.au/about-us/contact-us-page
We are unable to handle or assist you with a privacy complaint involving a financial institution which is an APCA member.
If you have a privacy complaint about an APCA member, you should make your complaint directly to the financial institution concerned.
Head of Regulation
Telephone: (02) 9216 4888
Head of Regulation (Privacy)
Australian Payments Clearing Association Limited
Level 6, 14 Martin Place
SYDNEY NSW 2000
Fax: (02) 9221 8057
Need more information?
If you would like more information about privacy and the Privacy Act (including the Australian Privacy Principles), you can access the Privacy Commissioner’s website at http://www.oaic.gov.au/privacy/privacy-news