This policy covers Smartgroup Corporation Ltd and its related bodies corporate (“Smartgroup”, “we” or “us”), including Smartgroup Benefits Pty Ltd, Smartfleet Management Pty Ltd, Smartsalary Pty Limited (including Smartleasing, which is a registered business name of Smartsalary Pty Ltd), PBI Benefit Solutions Pty Ltd, Smartsalary Software Solutions Pty Ltd, Salary Packaging Solutions Pty Ltd, AccessPay Pty Ltd, Autopia Management Pty Ltd and Selectus Pty Ltd (as updated from time to time).
We understand how important it is to protect your personal information. This policy sets out how Smartgroup collects, uses, discloses and holds personal information.
When we refer to personal information, we mean information about reasonably identifiable individuals. This may include information or an opinion about individuals, whether true or not.
The kinds of personal information we may collect about you include:
We may also collect additional information about you depending on the products and services provided:
We may collect your sensitive information only to the extent it is necessary to administer our products or services to you, to assess your application for employment or for employment purposes, and only with your consent. Sensitive information includes membership of professional or trade associations or unions, membership of a political association, or health information or and, in an employment context, your criminal history, racial or ethnic origin, religious beliefs and sexual orientation.
Where reasonable and practical we will collect your personal information directly from you, such as via application or enquiry forms or other documents that you submit to us; when you contact us via phone, email or our websites or social media accounts; when you attend one of our events; or when you submit a CV or application for employment to us. If you do not provide the information requested by us, we may not be able to provide you with our products or services or respond to your enquiry.
Depending on the product or service provided or your relationship with us, we may also collect your personal information from third parties, for example, from your employer, your employer’s outgoing salary packaging service provider or your financial planner. If you are applying to work for us, we may collect personal information through recruitment companies, websites, other organisations and referees with your consent. We may also collect your personal information from our related bodies corporate, where we are permitted under law to do so or have otherwise obtained your consent.
If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by privacy laws, we may collect, use and disclose such information for the purposes described in this Privacy Policy. For example, you should take reasonable steps to ensure the individual concerned is aware of the various matters detailed in this Privacy Policy. The individual must also provide the consents set out in this Privacy Policy in respect of how we will deal with their personal information.
We use your personal information for the purpose for which it has been provided, reasonably related secondary purposes which are within the contemplation of the parties (and are directly related if the information is sensitive information), any other purpose you have consented to and any other purpose permitted under the Privacy Act 1988 (Cth). This may include using your personal information for the following purposes:
We disclose your personal information for the purpose for which it has been provided, reasonably related secondary purposes which are within the contemplation of the parties (and are directly related if the information is sensitive information), any other purpose you have consented to and any other purpose permitted under the Privacy Act. Depending on the product or service we are providing to you, or your relationship with us, we may disclose your personal information:
One of the ways we store and manage information (including personal information) is by using cloud computing, where servers are based overseas, including in the USA. We may also manage information (including personal information) in the Philippines for the sole purpose of performing our services. We take reasonable steps to maintain the security of your information and to ensure your information is treated in accordance with the standards that apply in Australia.
We may from time to time use your personal information to provide you with current information about loans, insurance products, special offers you may find of interest, changes to our organisation, or new products or services being offered by us, our related bodies corporate or any other company we are associated with. By providing us with your information, you consent to receiving such information, including by phone, email, SMS and social media, on an ongoing basis until you unsubscribe. We will not use or disclose sensitive information about you for direct marketing purposes unless you have consented to that kind of use or disclosure.
If you do not wish to receive marketing information, you may at any time decline to receive such information by contacting us. Contact details are set out at section 11 of this policy. If the direct marketing is by email you may also use the unsubscribe function and if the direct marketing is by SMS you may reply 'STOP' to opt out. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.
Please refer to our Terms of Use available here for information on how we use cookies on our websites and online advertising.
Your IP address is the identifier for your computer when you are using the internet. It may be necessary for us to collect your IP address for your interaction with various parts of our website.
You can request to access your personal information we hold at any time. Depending on the volume or difficulty in obtaining the information, we may charge a fee that covers our costs.
An initial response will be provided to you within 7 days from your request, and the outcome of the investigation given in 30 days. There may be situations where we are not required to provide you with access to your personal information, and we will set out the reasons for this. An example of this would be where the information related to existing or anticipated legal proceedings, or if your request was vexatious.
You may also request to correct any of your personal information we hold if it is incorrect, inaccurate or out of date. We will generally rely on you to assist us in informing us if the information we hold about you is inaccurate or incomplete.
Depending on the request we may update your personal information immediately, or we may provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal information within 30 days from your initial request. We may have to consult with external entities as part of your request to access or correct your personal information.
If we collect government related identifiers, such as your driver's licence number or tax file number, we do not use or disclose this information other than to the extent required or authorised by law. For instance, we will never adopt your tax file number as your account number to identify you.
In most circumstances, it will be necessary for us to identify you in order to successfully do business with you. However, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without you providing us with personal information, for example where you make general enquiries about our products or services, or any special offers.
We may store your personal information in paper or electronic form. We take reasonable steps to protect any personal information from misuse, interference, loss and unauthorised access, modification or disclosure. Some of the steps that we take to protect personal information include, but are not limited to, the following:
When the information is no longer needed for any purpose for which the information may be used or disclosed, it will be destroyed or permanently de-identified.
If you are dissatisfied with how we have dealt with your personal information, or have a complaint about our compliance with the Privacy Act, you may contact us using the details in clause 11. We will acknowledge your complaint within seven days and provide you with a decision on your complaint within 30 days. If you feel your complaint is still not resolved adequately after discussion with us, you may then contact the Office of the Australian Information Commissioner on http://www.oaic.gov.au/privacy/privacy-complaints.
If you have any questions about how we handle your personal information, contact our Privacy Officer by phone on 1300 476 278, via email at privacy@smartgroup.com.au or at:
Privacy Officer
Smartgroup Corporation Ltd
GPO Box 4244, Sydney NSW 2001
We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. As a consequence, we may change this privacy policy from time to time or as the need arises.
Last updated: 24 April 2024