1. Policy statement

TMA Group (ZipBy Pty Ltd) is committed to protecting the privacy of the personal information which it collects and holds

TMA must comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth), and other privacy laws which govern the way in which organisations such as TMA hold, use and disclose personal information.

The purpose of this Privacy Policy is to explain:

• the kinds of information that TMA may collect about you and how that information is held;
• how TMA collects and holds personal information;
• the purposes for which TMA collects, holds, uses and discloses personal information;
• how you can access the personal information TMA holds about you and seek to correct such information; and
• the way in which you can complain about a breach of your privacy and how TMA will handle that complaint.

Terms used in this Privacy Policy are defined in Clause 9.

2. Collection and use of personal information

2.1 Types of personal information collected by TMA

(a) Customers

TMA collects information from you which is necessary to provide you with our products and services. This includes collecting personal information such as your name, address, telephone number, email address, bank account details and any other information which may be necessary to enable us to effectively and efficiently provide our products and services to you.

(b) Contractors and service providers

• TMA collects information from you which is necessary to properly manage and operate our business. This includes collecting personal information such as your name, address, telephone number, email address, bank account details, experience, qualifications, your past employers or customers, and any other information which we consider reasonably necessary in connection with our engagement of you or our ongoing relationship with you.

(c) Job applicants and employees

• TMA collects information from you which is necessary to properly manage and operate our business. This includes collecting personal information such as your name, address, telephone number, email address, bank account details, professional experience, qualifications and past employers, and any other information which we consider reasonably necessary in determining the merits of your application or for the purposes of managing your ongoing employment with us.

2.2 How we collect personal information

We will usually collect your personal information directly from you, however sometimes we may need to collect information about you from third parties, such as:

• other service providers;
• past employers and referees;
• sources of publicly available information, such as databases lawfully maintained by government departments or private companies;
• our related entities.

We will only collect information from third parties where:

• you have consented to such collection;
• such collection is necessary to enable us to provide you with our products or services;
• such collection is reasonably necessary to enable us to appropriately manage and conduct our business; or
• in other circumstances where it is legally permissible for us to do.

TMA will only collect information which is necessary to provide you with our products and services or appropriately manage and conduct our business.

2.3 How TMA uses your personal information

TMA only uses your personal information for the purpose for which it was collected by TMA (primary purpose), unless:

there is another purpose (secondary purpose) and that secondary purpose is directly related to the primary purpose, and you would reasonably expect, or TMA has informed you, that your information will be used for that secondary purpose;

• you have given your consent for your personal information to be used for a secondary purpose; or
• TMA is required or authorised by law to use your personal information for a secondary purpose (including for research and quality improvements within TMA).

For example, TMA may use your personal information to:

• verify your identity;
• enable speedy contact with your next of kin, should the need arise in an emergency;
• gain an understanding of your needs in order for us to provide you with better products and services;
• provide you with the products and services you require;
• administer and manage our services, including charging, billing and collecting debts;
• inform you of ways the products and services provided to you could be improved;
• appropriately manage our business, such as assessing insurance requirements and conducting audits;
• assist us in running our business, including quality assurance programs, improving our services, implementing appropriate security measures and training personnel; and
• effectively communicate with third parties.

2.4 Complete and accurate details

Where possible and practicable, you will have the option to deal with TMA on an anonymous basis or by using a pseudonym. However, if the personal information you provide us is incomplete or inaccurate, or you withhold personal information, we may not be able to provide the products and services or support you are seeking, or deal with you effectively.

2.5 CCTV

TMA uses camera surveillance systems (commonly referred to as CCTV) on its premises for the purposes of maintaining safety and security of its customers, personnel, visitors and other attendees. Those CCTV systems may also collect and store personal information and TMA will comply with all privacy legislation in respect of any such information.

3. Disclosing your personal information

TMA will confine its disclosure of your personal information to the primary purpose for which that information has been collected, or for a related secondary purpose. This includes when disclosure is necessary to provide products or services to you, assist us in running our organisation, or for security reasons.

We may provide your personal information to:

• your authorised representatives or your legal advisers;
• credit-reporting and fraud-checking agencies;
• credit providers (for credit related purposes such as credit-worthiness, credit rating, credit provision and financing);
• our professional advisers, including our accountants, auditors and lawyers;
• government and regulatory authorities and other organisations, as required or authorised by law;
• third parties involved in the provision of products and services to you, such as our suppliers and contractors;
• any of TMA’s related entities;
• to our insurers in connection with any insurance claim or potential insurance claim;
• to travel agencies, airlines, hotels, accommodation providers and other similar service providers in connection with any travel arrangements relating to your employment (if applicable);
• anyone authorised by you to receive your personal information (your consent may be express or implied); or
• anyone to whom TMA is required by law to disclose your personal information.

4. Data storage, quality and security

4.1 Data quality

TMA will take reasonable steps to ensure that your personal information which is collected, used or disclosed is accurate, complete and up to date.

4.2 Storage

All your personal information is stored by TMA securely in either hard copy or electronic form.

4.3 Data security

TMA strives to ensure the security, integrity and privacy of personal information, and will take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. TMA reviews and updates (where necessary) its security measures in light of current technologies.

TMA follows all PCI-DSS requirements and implement additional generally accepted industry standards

System scan, penetration testing as well as annual onsite PCI audits are performed by independent Qualified Security Assessor (QSA) certified by the PCI Security Standards Council to assess compliance with PCI DSS  

4.4 Storage location

Your personal information may be stored by TMA or third parties to whom we are permitted to disclose your personal information in accordance with this Privacy Policy in Australia. We take steps to ensure that our service providers are obliged to protect the privacy and security of your personal information and use it only for the purpose for which it is disclosed.

4.5 Online transfer of information

While TMA does all it can to protect the privacy of your personal information, no data transfer over the internet is 100% secure. When you share your personal information with TMA via an online process, it is at your own risk.

There are ways you can help maintain the privacy of your personal information, including:

• always closing your browser when you have finished your user session;
• always ensuring others cannot access your personal information and emails if you use a public computer; and
• never disclosing your user name and password to third parties.

5. Use of cookies

A ‘cookie’ is a small data file placed on your machine or device which lets TMA identify and interact more effectively with your computer. Cookies do not identify individual users, but they do identify your ISP and browser type.

Cookies which are industry standard and are used by most web sites, including those operated by TMA, can facilitate a user’s ongoing access to and use of a site. They allow TMA to customise our website to the needs of our users. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature. However, cookies may be necessary to provide you with some features of our on- line services via the TMA website.

6. Links to other sites

TMA may provide links to third party websites. These linked sites may not be under our control and TMA is not responsible for the content or privacy practices employed by those websites.

Before disclosing your personal information on any other website, you should carefully read the terms and conditions of use and privacy statement of the relevant website.

7. Accessing and amending your personal information

You have a right to access your personal information which TMA holds about you. If you make a request to access your personal information, we will ask you to verify your identity and specify the information you require.

You can also request an amendment to any of your personal information if you consider that it contains inaccurate information.

You can contact TMA about any privacy issues as follows: 

Privacy Officer
Ph: (02) 9892 9990

4-6 Straits Avenue
Locked Bag 60
Granville NSW 2142

While TMA aims to meet all requests to access and amendments to personal information, there may be some instances where TMA is unable to do this where it may adversely affect your health and safety or the safety of others.

8. Complaints

If you have a complaint about TMA’s information handling practices or consider we have breached your privacy, you can lodge a complaint with:

• the Privacy Officer on the contact details listed in Clause 7 above; or
• the Office of Australian Information Commissioner. TMA deals with all complaints in a fair and efficient manner.

9. Definitions

In this Privacy Policy the following terms have the following meanings:

• personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
• whether the information or opinion is true or not; and
• whether the information or opinion is recorded in a material form or not;
• related entities has the meaning given to that term under the Corporations Act 2001 (Cth).

TMA means TMA Group of Companies Limited and its related entities from time to time