Refundid Pty Ltd

Privacy Policy

1.1 Privacy Framework

Refundid Pty Ltd ACN 642 621 770 (Refundid) recognises the importance of privacy and is committed to the management and handling of Personal Information and Sensitive Information (as those terms are defined in the Australian Privacy Act 1988 (Cth) (Privacy Act)) in an open and transparent way in compliance with the Privacy Act and this policy creates a framework to ensure that any Personal Information Refundid holds is collected, used, stored and disclosed in accordance with the Australian Privacy Principles in the Privacy Act.

This Privacy Policy applies in respect of Personal Information Refundid collects when you sign up for, access, or use Refundid’s services, features and in relation to Personal Information we may otherwise collect during the course of our business as set out in this Privacy Policy. Refundid may amend the Privacy Policy at any time, with effect from the time the updated version is posted on Refundid’s website.

Your Personal Information is held securely in accordance with this Privacy Policy and privacy laws and is treated with respect and care. You have the right to contact us to access or correct your Personal Information. We encourage you to contact us if you have questions or concerns about your privacy or how your Personal Information is handled by Refundid.

Please notify Refundid in writing if you are currently, or in the future become, a resident of the European Union, so that Refundid can assess whether any Personal Information it holds falls within the scope of the GDPR.

2.1 What Personal Information does Refundid collect?

Refundid may collect, hold, use and disclose information about individuals who may be customers, merchants, job applicants, business contacts and others. Depending on who you are, we may collect Personal Information for purposes including:

  • Contacting and communicating with you
  • Providing you with services
  • Verifying your identity
  • Processing payments by or to you
  • Responding to queries and complaints made by you
  • Providing you with information relating to Refundid's services and activities
  • Obtaining your feedback
  • Marketing and business development
  • Business analytics
  • Assessing you for job applications
  • For Refundid's general business operations (eg maintenance of business records, compliance with legal and insurance obligations and statistical purposes)
  • Fraud management purposes, including assessing individuals' fraud risk.

If you do not provide us with requested Personal Information, Refundid may not be able to provide you with services (or in the case of job applicants, assess your suitability for a role).

The information Refundid typically collects and holds is detailed below.

2.2 Customers
  • Information obtained when you access Refundid’s websites
  • Information used for customer identity verification such as full name, date of birth and which may also include, drivers’ license number and state of issue, passport number and country of issue, Medicare card details (card colour, card number, individual reference number, expiry date)
  • Customer contact details – address, email, phone number
  • Bank account details- BSB, account number, account name, bank name
  • Customer order details – products, order number, total cost, date of purchase, date of return, tracking details for product return
  • Financial and other information obtained from credit checks and reports
  • Responses to customer surveys
2.3 Merchants
  • Identification information such as merchant business name, trading name, ABN
  • Contact information for relevant personnel, including telephone number(s) and email address(es)
  • Product return details – address, current returns policy details
  • eCommerce – platform(s) used, merchant details required to access platform(s)
  • Business information – average order value, historical percentage of product returns
  • Bank account details – BSB, account number, account name, bank name
  • Financial and other information obtained from credit checks and reports
  • Responses to merchant surveys and other queries
2.4 Other Business Contacts
  • Name, business address, ABN
  • Contact information for relevant personnel, including telephone number(s) and email address(es)
  • Work, professional and employment references, reports and assessments
  • Information from public domain websites such as LinkedIn and lead generation services such as Rocket Reach
  • Financial and other information obtained from credit checks and reports
2.5 Job Applicants

The types of Personal Information Refundid collects from job applicants, including for both employment and contract positions, may include:

  • Employment history and qualifications
  • Contact information, including email address, phone number(s) and residential address
  • Opinions about suitability for employment from referees and previous employers
  • Taxation and banking details and superannuation fund details
  • Information from public domain and social media websites such as Linkedin
  • Information obtained when you access Refundid’s websites
  • Identification information, such as driver’s licence/passport details and date of birth

Job applicants have the right to not disclose Personal Information, however Refundid may not be able to assess a candidate’s suitability for employment when it does not receive all necessary information. Refundid will only disclose the Personal Information of job applicants to third parties with the consent of the job applicant, or as otherwise permitted in limited circumstances by law. All applications received by Refundid are filed and kept in Refundid’s human resources files. Once a position has been filled, Personal Information collected from applicants who do not commence employment or a contract position with Refundid (including bank account details, driver’s licence/passport, Tax File Number, superannuation fund details, next of kin) will not be retained. Personal Information collected from successful applicants may be retained as employee records

3.1 How Will Refundid Collect Your Personal Information

Wherever possible, Refundid will collect Personal Information about you directly from you in the course of your dealings with Refundid, including email communications, chat communications through the Refundid website, when you fill out forms on Refundid's website, and collected via other forms which we may email to you, such as Google forms. Nevertheless, on some occasions Refundid may collect your Personal Information from other sources, such as:

  • Third party agents or data providers
  • Retailers
  • Public domain websites on the Internet
  • Publicly available directories and listings
  • Newspapers, magazines, professional journals and the electronic media
  • The date, time and domain from which you access Refundid’s website
  • Personal interactions and/or communications with Refundid employees and/or contractors
  • Databases purchased from an external provider

Personal information about you which Refundid collects and holds may vary depending on your particular interaction with Refundid and will be for a legitimate business purpose. This may include financial and other Sensitive Information.

3.2 Collection of Your Personal Information Through Refundid’s Website

Refundid's website provides for direct input by you of Personal Information under some circumstances. In addition, Refundid's websites make use of ‘cookies' which are small text files that are stored in the visitor's local browser cache. This enables recognition of the visitor's browser to optimise the website and simplify its use. Most browsers are set up to accept these cookies automatically, however you can deactivate the storing of cookies or adjust your browser to inform you before the cookie is stored on your computer. Data collected via cookies will not be used to determine the personal identity of the website visitor.

Refundid's website automatically collects non-personally-identifying information from web browsers and servers, such as the browser type, language preference, referring site, and the date and time of each visitor request. This assists Refundid better understand how visitors use its website. Refundid may release aggregated non-personally-identifying information and may use third-party services such as Google Analytics to collect and store this information.
Refundid expects to increasingly make use of web analytics, including analysis by third party service providers. Any information provided by Refundid to the service providers is technical and non-personally-identifying information, and may include IP addresses. Neither Refundid nor the service providers have any interest in an individual's browser activities and will not use the information to identify website visitors or take any action targeted to individuals without having obtained that person's consent.

3.3 How Will Refundid Hold, Use and Disclose Your Personal Information

Refundid will only use and disclose Personal Information collected from you:

  • for the purposes for which it was collected
  • for secondary purposes closely related to the primary purposes in circumstances where you would reasonably expect such use or disclosure;
  • as required or permitted by law; and
  • if you otherwise consent to its use or disclosure.

Refundid may disclose your Personal Information to third parties in the course of any of the uses described above, including to:

  • related businesses and third-party service providers for routine business purposes such as order collection, refund processing, marketing, data processing and validation, data storage or archiving, printing and mailing. Refundid will use only reputable third party service providers and will ensure that it enters into appropriate contractual provisions with service providers to safeguard your privacy.
  • third party providers for identity verification purposes
  • retailers, such as when Refundid provides shipping tracking information and alerts the retailer that a customer has been paid
  • debt collectors
  • Refundid's legal providers
  • Third party providers for shipping-related purposes
  • Third party providers for payment processing
  • Third party providers who provide communications services

With your consent, Refundid will use your information for marketing purposes, which may include information relating to our services, or to retailers we work with.

Refundid’s retailers (which may include online market places), third party suppliers and commercial partners are independent of Refundid and are responsible for their own privacy policies and privacy practices. Please contact such third parties directly for further information on their privacy policies.

3.4 Overseas Recipients

Refundid may transfer your Personal Information to Refundid service providers located outside of Australia in countries including the United States of America. Under these circumstances, your Personal Information will always be stored in a secure manner which is at least as robust as the practices followed by Refundid in Australia.

4.1 Data Security

Refundid may hold and store Personal Information in electronic or hard copy form.

Refundid uses technical and organisational security precautions to protect your data from misuse, interference or loss and from unauthorised access, modification or disclosure. Refundid’s CyberSecurity procedures are continuously revised based on new technological developments to ensure that any Personal Information that is provided to Refundid by you through Refundid’s systems will be protected against possible misuse by third parties. In the event of an actual or suspected data breach, Refundid will follow the procedures outlined in its Mandatory Data Breach Response Plan, including

  • containing the data breach
  • conducting a risk assessment to assess the severity rating of a suspected or known data breach
  • assessing whether an Eligible Data Breach has occurred.

If an Eligible Data Breach has occurred, Refundid may report the data breach to third parties as required by the Privacy Act, or to other Refundid business partners or service providers. Refundid will contact you if you have been personally impacted by an Eligible Data Breach.

4.2 Data Retention

Refundid will maintain your Personal Information for as long as is necessary to fulfil the purposes for which it was collected and for additional legal purposes related to Refundid’s legitimate business interests. Generally Personal Information will be retained for 7 years from the last date of any transactions or agreements entered into between you and Refundid, for purposes relating to insurance, corporate governance, compliance with laws, resolution of disputes, risk mitigation and business analytics. After it is no longer needed for these purposes Refundid will take reasonable steps to destroy or permanently de-identify your Personal Information.

4.3 Data Access and Correction

You may request access to Personal Information Refundid holds about you at any time. Generally, Refundid will provide you with access, except in limited circumstances where the Privacy Act permits Refundid to deny access.

If you believe your Personal Information is inaccurate, out of date, incomplete, irrelevant or misleading, you may request to have it corrected and Refundid will do so in compliance with the Privacy Act.

Requests to access or correct Personal Information should be sent to the Privacy Officer. Please provide as much detail as possible to assist in the location of information Refundid may be holding about you, such as your name, contact details, any former name(s), and if possible the context, for example, your relationship with Refundid. Please specify if you are seeking access to specific Personal Information.

Refundid will respond to your request within 30 days of receipt or within any further time notified to you in writing.

4.4 Deletion of Data

You may notify Refundid at any time if you do not wish Refundid to retain your Personal Information. Refundid will comply with all such requests wherever practicable and lawful.

5.1 European General Data Protection Regulation (GDPR)

If you are a European resident, Refundid may be subject to GDPR in relation to Personal Information it holds about you. Accordingly, we request that you notify us if you are a European resident when you transfer your Personal Information to us or if you are aware that we are collecting your Personal Information. Your Personal Information will still be subjected to the same information security standards as are applied to all Personal Information held by Refundid and its global affiliates. However, we may manage your Personal Information in a different manner to take account of data portability entitlements and other GDPR-specific requirements.

6.1 Complaints

All complaints regarding your Personal Informational should be made in writing to Refundid’s Privacy Officer. Refundid will respond to your complaint within 30 days of receipt of your correspondence or within any further time notified to you in writing.

If you are not satisfied with the outcome of the response you receive, we can refer you to the Office of the Australian Information Commissioner (as applicable) for further investigation.

6.2 Privacy contact information

All requests relating to access, correction or deletion of Personal Information, or any other information relating to Refundid’s Privacy Policy should be made in writing to:

The Privacy Officer
Refundid Pty Ltd

Email: [email protected]