1.1 All emails, documents, images, or other recorded information held or used by the Supplier is Personal Information, as defined and referred to in clause 21.3, and therefore considered Confidential Information. The Supplier acknowledges its obligation in relation to the handling, use, disclosure and processing of Personal Information pursuant to the Privacy Act 1988 (“the Act”) including the Part IIIC of the Act being Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB) and any statutory requirements, where relevant in a European Economic Area (“EEA”), under the EU Data Privacy Laws (including the General Data Protection Regulation “GDPR”) (collectively, “EU Data Privacy Laws”). The Supplier acknowledges that in the event it becomes aware of any data breaches and/or disclosure of the Client’s Personal Information, held by the Supplier that may result in serious harm to the Client, the Supplier will notify the Client in accordance with the Act and/or the GDPR. Any release of such Personal Information must be in accordance with the Act and the GDPR (where relevant) and must be approved by the Client by written consent, unless subject to an operation of law.
1.2 Notwithstanding clause 21.1, privacy limitations will extend to the Supplier in respect of Cookies where the Client utilises the Supplier’s website to make enquiries. The Supplier agrees to display reference to such Cookies and/or similar tracking technologies, such as pixels and web beacons (if applicable), such technology allows the collection of Personal Information such as the Client’s:
(a) IP address, browser, email client type and other similar details;
(b) tracking website usage and traffic; and
1.3 The Client agrees that the Supplier may exchange information about the Client with those credit providers and with related body corporates for the following purposes:
(a) to assess an application by the Client; and/or
(b) to notify other credit providers of a default by the Client; and/or
(c) to exchange information with other credit providers as to the status of this credit account, where the Client is in default with other credit providers; and/or
(d) to assess the creditworthiness of the Client including the Client’s repayment history in the preceding two (2) years.
1.4 The Client consents to the Supplier being given a consumer credit report to collect personal credit information relating to any overdue payment on commercial credit.
1.5 The Client agrees that personal credit information provided may be used and retained by the Supplier for the following purposes (and for other agreed purposes or required by):
(a) the provision of Goods; and/or
(b) analysing, verifying and/or checking the Client’s credit, payment and/or status in relation to the provision of Goods; and/or
(c) processing of any payment instructions, direct debit facilities and/or credit facilities requested by the Client; and/or
(d) enabling the collection of amounts outstanding in relation to the Goods.
1.6 The Supplier may give information about the Client to a CRB for the following purposes:
(a) to obtain a consumer credit report;
(b) allow the CRB to create or maintain a credit information file about the Client including credit history.
1.7 The information given to the CRB may include:
(a) Personal Information as outlined in 21.3 above;
(b) name of the credit provider and that the Supplier is a current credit provider to the Client;
(c) whether the credit provider is a licensee;
(d) type of consumer credit;
(e) details concerning the Client’s application for credit or commercial credit (e.g. date of commencement/termination of the credit account and the amount requested);
(f) advice of consumer credit defaults (provided the Supplier is a member of an approved OAIC External Disputes Resolution Scheme), overdue accounts, loan repayments or outstanding monies which are overdue by more than sixty (60) days and for which written notice for request of payment has been made and debt recovery action commenced or alternatively that the Client no longer has any overdue accounts and the Supplier has been paid or otherwise discharged and all details surrounding that discharge (e.g. dates of payments);
(g) information that, in the opinion of the Supplier, the Client has committed a serious credit infringement;
(h) advice that the amount of the Client’s overdue payment is equal to or more than one hundred and fifty dollars ($150).
1.8 The Client shall have the right to request (by e-mail) from the Supplier:
(a) a copy of the Personal Information about the Client retained by the Supplier and the right to request that the Supplier correct any incorrect Personal Information; and
(b) that the Supplier does not disclose any Personal Information about the Client for the purpose of direct marketing.
1.9 The Supplier will destroy Personal Information upon the Client’s request (by e-mail) or if it is no longer required unless it is required to fulfil the obligations of this Contract or is required to be maintained and/or stored in accordance with the law.
1.10 The Client can make a privacy complaint by contacting the Supplier via e-mail. The Supplier will respond to that complaint within seven (7) days of receipt and will take all reasonable steps to reach a decision on the complaint within thirty (30) days of receipt of the complaint. If the Client is not satisfied with the resolution provided, the Client can make a complaint to the Information Commissioner at www.oaic.gov.au.