Data, Security & Privacy Policy

Our Commitment to Privacy

We respect each person’s right to privacy, so we’re committed to complying with the Privacy Act 1988 and the National Privacy Principles.

This policy outlines how we deal with personal information and how Stripe, our third party payment processing provider handles your information and payment.  In this Policy the expressions ‘mySmart’, ‘we’, ‘us’ and ‘our’ refer to mySmart, and its related companies.

The personal information we collect

We only collect the personal information that is necessary to lawfully and ethically carry on our business, to provide the information, products and services our customers and contacts request, to communicate efficiently with our customers and contacts, to keep our customers and contacts informed of products and services that are available from us, and to responsibly market our products and services. Our contacts include people who are employed by customers and people who may use, specify or recommend our products such as electrical contractors, builders, developers, architects, engineers, and their employees.

Unless we need particular information to supply the specific information, products or services you request, or to open a credit account for you, the personal information we might collect about you is limited to your name, gender, contact details, occupation, employer, relationship to or dealings with us or our customers, and details of your participation in our events and promotions and your purchases of our products and services.

If you apply to us to open a credit account we may collect information about your financial position and credit history.

We will generally collect your personal information directly from you. We may do this when you meet with one of our employees, communicate with us by telephone, mail, fax or email, subscribe to our publications, enter our competitions, participate in our promotions, apply for access to our websites, or submit information via our websites. We may be unable to provide the information, products or services you request, or allow you to participate in our competitions and promotions, if we are not given the personal information we ask for.

We might sometimes obtain information about you from our customers and contacts (for example, a customer who sells you our products may provide us with information about you), but we will only collect information in this way if we are satisfied that they have the right to give us the information and that we have the right to use it.

Use and Disclosure

We may use personal information we hold about you to send you invitations to attend our events, information about our competitions and promotions and your participation in them, or communications about our products and services, but we won’t send you communications if you’ve told us that you don’t want to receive them.

Apart from that, we will only use your personal information to provide the information, products and services that you request, to assess and process any application you may make for credit, and to manage any account you may have with us.

We never disclose personal information we hold about people to any entities outside of mySmart and its directly related companies to allow them to market their products and services.

Others who may have access to information

We may use external service providers who may have access to some personal information we collect. For example, we may use external contractors to manage our databases or websites or to attend to our marketing communications. We ensure that these contractors are bound by obligations of confidentiality and may only access information to the extent necessary to provide the services we require.

Information Security

We take appropriate steps to ensure that all information we hold is protected from loss, misuse, or unauthorized access, disclosure or modification. We maintain physical security over our premises and access to our computer systems is limited by user identifiers and passwords.

Our Websites

You may use many sections of our websites anonymously, but any information you choose to submit to us via our sites (eg: to book for an event, subscribe to a publication, enter a competition, participate in a promotion, or send us an email) will be treated in accordance with this Policy.

Our websites may use cookies to profile you and to tailor marketing material to your preferences. We may also record details of your visit to our sites such as your server address, domain name and browser type, the date and time of the visit, the information downloaded, and links from other sites followed to get to our sites -this information is anonymous and is only used for statistical and website development purposes.

You may require a Username and Password to access some sections of our sites. If you have a Username and Password, they will be used to identify you when you enter those sections.

Access Rights

You can request access to the personal information we hold about you. We may charge a fee when access is provided.

Stripe’s Data Usage, Privacy & Security Policy

This section will help you understand what Personal Information Stripe collects; how it collects, holds, uses and discloses that information; and the purposes of collection and disclosure.

Personal Information.  The term “Personal Information,” as used in this section, refers to any information (whether by itself or when linked with other information reasonably available to Stripe) that can be used to identify a specific person. Personal information does not include information that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person.

Merchant.  The term “Merchant”, as used in this section refers to mySmart and its related companies.

Collection and use of your Personal Information

Stripe collects Personal Information from their merchants which use their service to process customer payments (“Merchants”) and the Merchant’s customers (“Checkout Users”) to enable Stripe to provide their services. Stripe’s services comprise all software and services that they offer, including the Stripe Checkout form that may be made available on a Merchant’s website, or other services that they offer through their website when you register for a Stripe account (collectively referred to as the “Services”).

Broadly speaking, Stripe collect information in three ways: (1) when you provide it directly to them, (2) when we obtain verification information about you or your company through trusted third parties (e.g. banks, credit bureaus), and (3) passively through technology such as “cookies” (cookie collection is described below in Section 2 Cookies and Web Server Logs).  The types of Personal Information that Stripe collect and their use of that information will depend on whether you are a Checkout User or Merchant.

Checkout Users

When you use a Merchant’s website, to make a purchase, the Merchant will collect your Personal Information and provide it to Stripe. This Personal Information includes your payment card information, your email address, your mobile phone number, and billing and shipping address. Stripe will use this information as part of the payment processing process. When you use Stripe Checkout on a merchant’s website to store your payment credentials, Stripe will use the Personal Information disclosed to them by the Merchant (outlined above) to complete purchases that you choose to make on other websites or applications that also use Stripe Checkout, but only with your permission.

Cookies and Web Server Logs

Stripe utilises “cookies” and other technologies to collect non-personally-identifiable information from their website and from other websites that use their Services. Where you request that your payment credentials be remembered by our checkout system, the cookies will also collect Personal Information about you. Information gathered through cookies and web-server log files may include information such as the date and time of visits, the pages viewed, IP addresses, links to/from any page, and time spent at our site.

Stripe use cookie data to measure web traffic and usage activity on their website for purposes of monitoring, troubleshooting and improving their website and Services, to look for possible fraudulent activity, and to better understand the sources of traffic and transactions on their website and the websites of merchants that use Stripe’s Services. Cookies also allow Stripe’s servers to remember your account information for future visits and to provide personalized and streamlined information across related pages on their website and also across other websites or applications that use Services.

Sharing and disclosure of your Personal Information

Stripe does not sell or rent your Personal Information to marketers or third parties. Stripe may disclose personal information it collects about you to third parties for a variety of purposes in connection with providing its Services and special offers to you and operating their website. These third parties may include Stripe agents, related bodies corporate, contractors, financial institutions, payment processors, verification services and credit bureaus, as well as any third parties that you have directly authorized to receive your Personal Information. Stripe may share Checkout User’s contact information, but not their card information, with Merchants as part of the Checkout User’s purchases.

Stripe may store your Personal Information in locations outside the direct control of Stripe, for instance, on servers or databases co-located with hosting providers.

Some of Stripe’s related bodies corporate or third parties to whom they disclose your Personal Information are located outside of Australia. These countries may include the United States of America, Ireland or the United Kingdom.

Stripe may also disclose your Personal Information to law enforcement, government officials, or other third parties if required by law or Stripe believes in good faith that the disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of their Terms of Service.

Retention of your Personal Information

Stripe has a variety of obligations to retain the data that you provide to them, both to ensure that transactions can be appropriately processed, settled, refunded or charged back, to identify fraud, and also to comply with laws applicable to them and to our banking providers and credit card processors. Accordingly, even if you close your Stripe account they will retain certain information as necessary to meet their obligations. However, Stripe will identify your account in their database as “inactive” or “closed”.

Marketing and cookies opt-out

Stripe may occasionally email you with information about offers or new services. If you do not wish to receive this marketing material then please email support@stripe.com. You can also opt out of these email communications by replying with unsubscribe in the subject line, or via an unsubscribe link included in such communications. However, you will continue to receive certain email communications related to your account and your relationship with Stripe.

If you wish to opt out of having cookies set on your browser (as described above in Section 3), the only way to ensure that this happens is to manage the settings on your web browser to delete all cookies and disallow further acceptance of cookies. Some aspects of Stripe’s service may not work properly if you do so. You may also consider visiting aboutcookies.org, which provides helpful information about cookies.

In order to understand and improve the effectiveness of Stripe’s advertising, they may also use web beacons, cookies, and other technology to identify the fact that you have visited their Website or seen one of their advertisements, and they may provide that information to one or more third party advertising networks. The information they provide may include the time and date of your visit to their website, pages viewed, links clicked and other non-personally identifying information. Those advertising networks may recognize the web beacon or cookie associated with your visit to their Website when you visit other websites on which they serve advertising, and they may make decisions about the advertisements you see based on it. We may choose to work with Google AdWords, Doubleclick, AdRoll or other advertising networks. Each of these companies has its own privacy policy, which we encourage you to review. For more information about advertising and tracking online, visit the Network Advertising Initiative. This website allows consumers to “opt out” of the behavioral advertising delivered by member companies.

Protection of information

Stripe takes all reasonable steps to ensure that the personal information they collect, use or disclose is accurate, complete, up-to-date and relevant and stored securely.

Although no data transmission can be guaranteed to be 100% secure, Stripe takes reasonable steps to ensure that your Personal Information is accurate, complete, up-to-date, relevant and stored securely. Stripe also takes all reasonable steps to ensure that the personal information they hold is protected from misuse, interference and loss and unauthorised access, modification or disclosure by the use of various methods including access limitation, and Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information.

Changes to this policy

Stripe reserve the right to make changes to this section of the Policy from time to time. Please review this Policy periodically to check for updates. If any changes are material and/or retroactive, Stripe may provide additional notice and/or an opportunity to “opt-in,” as appropriate under the circumstances. Stripe may also advise you of changes to this policy by emailing and/or mailing the revised policy to the addresses you provide us.

Contact us - Access, Correction and Complaints

You can update your account information by signing on to our Website with your Stripe account.

If you would like to access or seek correction of your Personal Information, or if you have complaints regarding Stripe’s privacy practices, please contact their privacy officer by emailing privacy@stripe.com. Alternatively, you may contact them at the following address: Privacy Officer, Stripe Australia, Level 46, MLC Centre, 19-29 Martin Place, Sydney, NSW 2000.

Stripe aims to:

  1. Acknowledge receipt of all complaints within 5 business days.  Resolve all complaints within 45 days.  This may not be possible in all circumstances.
  2. Where Stripe cannot resolve a complaint within 45 business days, they will notify you of the reason for the delay as well as an indication of when Stripe expects to resolve the complaint.

For more information about privacy issues in Australia, visit the Australian Information Commissioner’s website.