EXAPI (ACN 163 569 462) (referred to as ‘EXAPI’, ‘we’, ‘our’, ‘us’) recognises the importance of ensuring the confidentiality and security of your personal information.
EXAPI is bound by the Australian Privacy Principles (‘APPs’) and the Privacy Act 1988 (‘Privacy Act’). This Policy outlines EXAPI’s practices, procedures and systems to manage and protect your personal information in accordance with the Privacy Act and the APPs.
All third parties (including customers, suppliers, sub-contractors, or agents) that have access to or use personal information collected and held by EXAPI must abide by this Policy.
Copies of this Policy are available free of charge by contacting the Privacy Officer or can be downloaded from our website: www.exapi.com.
In this Policy:
‘Disclosing’ information means providing information to persons outside EXAPI;
‘Personal information’ means information or an opinion relating to an individual, which can be used to identify that individual;
‘Privacy Officer’ means the contact person within EXAPI for questions or complaints regarding EXAPI’s handling of personal information;
‘Sensitive information’ is personal information that includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, and also includes health information; and
‘Use’ of information means use of information within EXAPI.
2. WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT AND HOLD?
We may collect and hold a range of information about you to provide you with our services, including:
address and other contact information;
date of birth;
currency trading preferences.
3. HOW WE COLLECT PERSONAL INFORMATION
We generally collect personal information directly from you. For example, personal information will be collected when you sign up to receive email rate alerts, visit our website, call us or send us correspondence.
EXAPI will not collect sensitive information about you without your consent unless an exemption under the APPs applies and consent is not required. These exceptions include if the collection is required or authorised by law or necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.
If you don’t provide us with the personal information we request, we may not be able to provide you with the benefit of our foreign exchange rate comparison services, or meet your needs appropriately.
EXAPI does not give you the option of dealing with us anonymously, or under a pseudonym. This is because it is impractical for EXAPI to deal with individuals who are not identified.
4. UNSOLICITED PERSONAL INFORMATION
EXAPI may receive unsolicited personal information about you. We destroy all unsolicited personal information we receive, unless it is relevant to EXAPI’s purposes for collecting personal information.
5. ABOUT WHOM DO WE COLLECT PERSONAL INFORMATION?
The personal information we may collect and hold includes (but is not limited to) personal information about the following individuals:
visitors to our website;
service providers or suppliers; and
other third parties with whom we come into contact.
6. WHY DOES EXAPI COLLECT PERSONAL INFORMATION?
We may use and disclose the information we collect about you so that we may:
provide you with foreign exchange rate comparison services;
let you know about other products or services we offer, send you information about special offers or invite you to events;
protect our business and other customers from fraudulent or unlawful activity;
conduct our business and perform other management and administration tasks;
consider any concerns or complaints you may have and manage any legal actions involving EXAPI;
comply with relevant laws, regulations and other legal obligations; and
help us improve the services offered to our customers, and continually enhance our business.
EXAPI may also use and disclose personal information for reasonably expected secondary purposes which are related to the primary purposes set out above and in other circumstances authorised by the Privacy Act.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or where certain other limited circumstances apply (e.g. if required by law).
7. TO WHOM MIGHT WE DISCLOSE PERSONAL INFORMATION?
We may disclose personal information to:
a related entity of EXAPI;
an agent, professional advisor or service provider we engage to carry out our functions and activities, such as foreign exchange contract issuers, money remitters, lawyers, accountants, IT managers, and marketing companies;
foreign exchange contract issuers or other financial service providers;
organisations involved in a transfer or sale of all or part of our assets or business;
financial institutions involved in managing our payments, such as banks;
regulatory bodies, government agencies, law enforcement bodies and courts; and
anyone else to whom you authorise us to disclose it or as required by law.
8. SENDING INFORMATION OVERSEAS
We use cloud computing services which means your personal information may be stored on web servers located overseas. These servers may be located in the United States, Brazil, Europe or Asia. We do not disclose your personal information to other overseas recipients.
We will not disclose your personal information to overseas recipients without your consent unless:
we have taken reasonable steps to ensure that the recipient does not breach the Act, or the APPs; or
the recipient is subject to a similar information privacy regime.
9. MANAGEMENT OF PERSONAL INFORMATION
EXAPI recognises the importance of securing the personal information of our customers. We will at all times seek to ensure that the personal information we collect and hold is protected from misuse, interference, or loss, and unauthorised access, modification or disclosure.
Personal information is generally held in a computer database. Any paper files are stored in secure areas. In relation to information held on our computer database, we apply the following guidelines:
passwords are required to access the system and passwords are routinely checked;
data ownership is clearly defined;
we change employees’ access capabilities when they are assigned to a new position;
employees have restricted access to certain sections of the system;
the system automatically logs and reviews all unauthorised access attempts;
the system automatically limits the amount of personal information appearing on any one screen;
unauthorised employees are barred from updating and editing personal information;
all personal computers which contain personal information are secured both physically and electronically;
data is encrypted during transmission over the network; and
print reporting of data containing personal information is limited.
10. DIRECT MARKETING
EXAPI may only use personal information for the purposes of direct marketing without your consent if:
the personal information does not include sensitive information; and
you would reasonably expect us to use or disclose the information for the purpose of direct marketing; and
we provide a simple way of opting out of direct marketing; and
you have not requested to opt out of receiving direct marketing from us.
We may disclose your personal information to foreign exchange contract issuers or other financial service providers, and they may send you promotional material about their products or services.
You have the right to request us not to use or disclose your personal information for the purpose of direct marketing, or for the purpose of facilitating direct marketing by other organisations. We must give effect to the request within a reasonable period of time. You may also request that EXAPI provides you with the source of your information. If such a request is made, EXAPI must notify you of the source of the information free of charge within a reasonable period of time.
We do not adopt identifiers assigned by the Government (such as driver’s licence numbers) for our own file recording purposes, unless one of the exemptions in the Privacy Act applies.
12. HOW DO WE KEEP PERSONAL INFORMATION ACCURATE AND UP-TO-DATE?
EXAPI is committed to ensuring that the personal information it collects, holds, uses and discloses is relevant, accurate, complete and up-to-date.
We encourage you to contact us to update any personal information we hold about you. If we correct information that has previously been disclosed to another entity, we will notify the other entity within a reasonable period of the correction. Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. We do not charge individuals for correcting their information.
13. ACCESSING YOUR PERSONAL INFORMATION
Subject to the exceptions set out in the Privacy Act, you may gain access to the personal information that we hold about you by contacting the EXAPI Privacy Officer. We will generally provide access within 30 days of your request. If we refuse to provide the information, we will provide reasons for the refusal.
We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access to your personal information.
14. UPDATES TO THIS POLICY
This Policy will be reviewed from time to time to take account of new laws and technology, and changes to our operations and the business environment.
15. OUR RESPONSIBILITIES
It is the responsibility of management to inform employees and other relevant third parties about this Policy. Management must ensure that they advise employees and other relevant third parties of any changes to this Policy. All new employees are to be provided with timely and appropriate access to this Policy. All employees are provided with opportunities to attend privacy training. Employees or other relevant third parties that do not comply with this Policy may be subject to disciplinary action.