Afterpay will be fair and open about the way we collect information about you and what we intend to do with the information.
When you visit our Websites or use Afterpay Services, we may collect information sent to us by your computer, mobile phone or other access device. The information sent to us may include data on the pages you access, your computer IP address, device identifiers, the type of operating system you are using, your location, mobile network information, standard web log data and other information. Web log data includes the browser type you are using and traffic to and from our site. When you visit our Websites or use Afterpay Services, we may also collect information about your transactions and your activities.
In addition, if you open an Afterpay account with us or use Afterpay Services, we may collect the following types of information:
We may also obtain information about you from third parties, such as credit reporting bodies and identity verification services, and publicly or commercially available sources for the purposes of complying with relevant legislation (Eg. anti-money laundering laws).
Third parties may also share information with us, including our Partners and related companies. We may also collect your personal information if you enter a competition or promotion we run (either directly or through our marketing agents), or through a recruitment or employment agency.
We may collect information about Partner staff directly from those staff or from our Partners. The information we collect about our Partners’ staff may include your name, position, contact details and training records.
In order to help protect you from fraud and misuse of your personal information, we may collect information about your use and interaction with our Websites or Afterpay Services. For example, we may evaluate your computer, mobile phone or other access device to identify any malicious software or activity.
We may also collect additional information from or about you in other ways, such as through contact with our customer support team or service providers (whether via mail, email or through telephone enquiries), results when you respond to a market survey and from interactions with Afterpay’s retailers.
Other than the personal information set out in this policy, Afterpay does not collect any credit information about you. If we receive information about you from a third party, wherever practical we will make sure they undertake to comply with the Privacy Act.
Afterpay only collects, holds and handles information about you that is necessary for us to perform the services you request from us, that is otherwise reasonably necessary for our business activities or if required by an Australian law or court or tribunal order.
Our primary purpose in collecting personal information is to enable us to provide you with Afterpay Services, and a secure, smooth, efficient, and customised experience. We may use personal information we collect about you for a number of purposes including, but not limited to:
Generally, we may use your personal information for the purposes for which we collect it and for related purposes which would be reasonably expected by you.
If all or some of your personal information is not collected or cannot be verified, we may be unable to provide you with Afterpay Services or a customised experience.
How we share personal information with other parties
We may share your personal information with:
Please note that these third parties may be in other countries where the laws on processing personal information may be less stringent than in Australia. When we disclose your personal information overseas, we will take reasonable measures to ensure that your information is held, managed and accessed in accordance with the standards that apply in Australia, including the APPs. In relation to health information about an individual, we will generally only disclose the information outside of the state or territory where we collected it if we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which upholds principles for fair handling of the information that are substantially similar to the principles that apply in the state or territory of collection.
In addition, you should note that retailers you buy goods or services from or contract with (even if such goods or services are purchased using our Afterpay products) have their own privacy policies, and Afterpay is not responsible for their actions, including their information protection practices.
If you open an Afterpay account directly on a third party website or via a third party application, any information that you enter on that website or application (and not directly on Afterpay’s Websites) will be shared with the owner of the third party website or application. These sites are governed by their own privacy policies and you are encouraged to review their privacy policies before providing them with personal information. Afterpay is not responsible for the content or information practices of such third parties.
We may require your consent to use and/or disclose your personal information if we need to use your information for a purpose that is not related to the purpose for which it was collected.
If you do not consent to Afterpay collecting, using and/or disclosing your personal information, this may affect Afterpay’s ability to deliver and improve our products and services.
Afterpay sends marketing materials to its customers and other people who have provided Afterpay with personal information from time to time about products and services offered by Afterpay, its Partners and its affiliates.
If you do not wish to receive marketing materials from Afterpay, its Partners or its affiliates, please complete the opt-out provision on the marketing information sent to you and return it to Afterpay (or contact us on:Email: [email protected]
Afterpay will note your request and respect your wish not to receive any marketing materials.
If you choose not to receive any marketing materials from Afterpay, you may miss out on special product and service offerings and opportunities.
For example, Cookies allow us to save your password so you do not have to re-enter it every time you visit our site.
Most web browsers automatically accept Cookies. You can find information specific to your browser under the “help” menu. You are free to decline our Cookies if your browser or browser add-on permits, unless our Cookies are required to prevent fraud or ensure the security of websites we control. However, declining our Cookies may interfere with your use of our Websites and Afterpay Services.
Afterpay will keep your personal information secure by taking reasonable steps to protect it from misuse, loss and unauthorised access, modification and disclosure.
We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centres, and information access authorisation controls. Only properly authorised people who have a need to access personal information to perform their job will be able to see or use that information. Afterpay stores personal information in transmission logs and archive systems for a period Afterpay considers reasonable depending on the primary purpose for which that information was collected.
Afterpay will ensure that its employees and service providers receive training (and refresher training) about the management of personal information relevant to their respective roles and responsibilities.
We will strive to ensure that information about you is accurate when we collect or use it. Subject to some exceptions under privacy legislation, we will let you see the information we hold about you and correct it if it is inaccurate, incomplete or out-of-date. If we do not grant you access to your personal information we will tell you why.
If you wish to obtain access to and/or correct your personal information held by Afterpay, please contact Afterpay on:Email: [email protected]
Afterpay will provide written acknowledgement of receiving your request for access within 7 days of receipt. Unless it does not agree to your request for access to personal information, in most cases Afterpay will provide you with access within 30 days of receipt of your request. If you request corrections to your personal information and Afterpay agrees with your request, these changes will be made as soon as practicable. If Afterpay does not agree to your request for correction, it will notify you of the reasons it does not agree and will note your request on the records it holds about you. If you remain dissatisfied you may also complain to the Office of the Australian Information Commissioner (at www.oaic.gov.au).
Subject to the terms set out in the Afterpay User Agreement, you can also close your Afterpay account through our Websites. If you close your Afterpay account, we may retain information from your account for a period of time to collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud, enforce our User Agreement, or take other actions as required or permitted by law.
If you have a complaint regarding Afterpay’s management of your personal information, please prepare your complaint in writing and email it to us at [email protected]
Afterpay will provide written acknowledgement of your complaint within 7 days of receipt. We will investigate and advise you of the steps we have taken to resolve your complaint within 30 days of receipt of your complaint.
Afterpay’s PCI DSS Policy is available here.