1.1. As a financial services company, Eziway Salary Packaging (Eziway) collects and stores personal data. In doing so we ensure your data is used and stored in compliance with the Privacy Act 1988 [Cwlth] including the Notifiable Data Breaches (NDB) scheme which came into effect in February 2018 as part of the Act. We further commit that all the processes which deal with personal data are transparent. This policy explains:
2.1. Eziway is located at 1/99 Bald Hill Rd, Pakenham Victoria 3180.
2.2. Enquiries about your data should be referred to our Data Protection Officer, Jeemaan Mougharbel, at:
2.3. We are a specialist provider of salary packaging and novated leasing services to Australian employers with an FBT-exemption for tax purposes.
3.1. We process your personal data when we understand that you are interested in purchasing our products or services. In this section, we provide information about how we will manage your personal data.
3.2. What data we hold and how we obtain it:
3.2.1. We will obtain information about you when you enquire about our products or services. Typically, this information is full name, email address, date of birth, address, payroll ID.
3.2.2. If you visit our websites we may automatically collect information including browser and operator system details, the website from which you came to our website, the pages you visit on our website, the date of your visit, and the Internet protocol (IP) address assigned to you by your internet service provider. We collect some of this information using cookies—please refer to Section 5: Cookies for further information. We may also collect personal information that you allow to be shared as part of your public profile on a third-party social network.
3.2.3. If you use our web chat function, we will keep a record of our communications.
3.2.4. Sometimes you will have sent your information directly to us, but you may have provided your information to third parties including your employer and funding providers who, in turn, may provide the information to us.
3.3. How we use your personal data and under what lawful basis.
3.3.1. Where you have given written consent, we:
3.3.2. Where we are required to do so to meet our contractual requirements to your employer, we may process your information for maintaining records, providing settlement fees or other similar activities.
3.3.3. We may process your information to comply with our legal obligations including assisting government agencies such as the Australian Tax Office and State and Federal police.
3.3.4. We may process your information to allow us to pursue our legitimate interests including:
3.4. Will we share your personal data with third parties?
3.4.1. We may at times share your data with companies within our group including: Eziway Leasing Pty Ltd, Eziway Software Solutions Pty Ltd and Eziway Payroll Pty Ltd.
3.4.2. We may disclose your information to third-party service providers for the purpose of providing services to us or directly to you on our behalf. Third-party businesses may include payment card providers and financiers. When we use third-party service providers, we only disclose personal information necessary for them to provide an effective service. We have Service Level Agreements in place with providers that require them to secure your information and not to use it other than in accordance with our specific instructions.
3.4.3. If we sell all or part of our business to a third party, we may transfer your information to that party to ensure continuity of service or for any of the other purposes noted above.
3.4.4. We may transfer your data to government or other official bodies for the purposes of complying with legal obligations or for the prevention or detection of crime.
3.5. How long do we keep your data?
3.5.1. If you have expressed an interest in buying products from us or from our selected partners, we will retain your contact details and related information concerning your enquiry for two years from the date that we last had contact with you.
3.5.2. If you have purchased products from us or from our selected partners, we will keep the data relating to that purchase for seven years from the date of the contract.
3.5.3. Records of any discussions through our web chat facility will be kept for one year.
3.5.4. If you have requested that we do not send you marketing information we will always retain sufficient information to ensure that we comply with your request.
3.5.5. The periods stated in this section may be extended if we are required by law to keep your data for a longer period.
4.1. The information that you send to us may be transferred to countries outside Australia. By way of example, this may happen where the servers of our third-party service providers are from time-to-time located in a country outside Australia.
4.2. If we transfer your information outside of Australia in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected. These measures include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients subscribe to international frameworks that aim to ensure adequate data protection. Please contact us if you would like more information about the protections that we put in place.
4.3. If you use our services while you are overseas, your information may be transferred outside Australia to provide you with those services.
5.2. You can set your browser not to accept cookies; however, some of our website features may not function as a result.
5.3. Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
6.1. We have adopted appropriate technical and organisational measures to protect the personal data we collect and use having regard to the state of the art, the nature of the data stored and the risks to which the data is exposed to human action or the physical or natural environment. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our database.
6.2. The transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use procedures and security features to prevent unauthorised access.
6.3. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
8.1. Your right to access data
8.1.1. We remain open and allow people access to their personal information. Where we hold your personal data, you can make a ‘subject access request’ to us and we will provide you with:
8.1.2. If you would like to make a ‘subject access request’ please make it in writing to our contact email address noted in section 2.2 and mark it clearly as ‘Subject Access Request’.
8.1.3. If you agree, we will deal with your request informally, for example by providing you with the specific information you need over the telephone once we have identified you securely in accordance with our ‘Know your Customer’ process.
8.1.4. Unless you agree a different time, we will complete your subject access request within five business days.
8.2. Right to stop marketing messages
8.2.1. You have the right to opt out of receiving marketing emails and phone calls from Eziway. We will update your marketing preferences on your personal record within 1 business day of receipt of an email or phone call from you giving this direction. Our contact details are shown in section 2.2.
8.3. Right to be forgotten
8.3.1. If we hold personal data about you, but it is no longer necessary for the purposes that it was collected and cannot otherwise be justified, you have the right to request that we delete the data. Our contact details are shown in section 2.2. Data will be deleted within 5 business days of your request.
8.4. Right to restrict data
8.4.1. If we hold personal data about you and you believe it is inaccurate, you have the right to request us to restrict the data until it is verified. Our contact details are shown in section 2.2. Data will be restricted within 1 business day of your request.
8.5. Transferring your personal data
8.5.1. Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out in section 3.3, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.
8.5.2. You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information
8.6. Right to complain
8.6.1. If you believe that your data security rights as they have been explained to you, have been breached, you can complain to the Office of the Australian Information Commissioner, a Federal Government agency concerned with your rights in these matters.
9.1. This policy was last updated on 13 May 2019.