Privacy & Credit Reporting Policy

We take your privacy extremely seriously and are committed to ensuring that your personal information is protected in compliance with all Australian laws.  This Privacy and Credit Reporting Policy (Policy) describes what, why and how we collect and use your personal information and credit information, how we protect it and how you can contact us.

Coffee Capsules 2 U Pty Ltd ACN 606 485 661 (CC2U) of 38 Ricketty, Mascot, NSW 2020, and its related bodies corporate (we, our, us) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information. This Policy explains the types of personal information that we may collect and hold, how that information is used and with whom the information is shared.  It also sets out how you can contact us if you have any queries or concerns about this information.

References to CC2U Group companies in this Policy include CC2U and any entity, the majority of whose shares or equity is owned or controlled directly or indirectly by CC2U.

We respect your rights to privacy under the Privacy Act 1988 (Cth) (Act), including the Australian Privacy Principles (APP’s), Part IIIA of the Act and the Privacy (Credit Reporting) Code 2014 (CR Code).  We comply with all of the Act’s requirements in respect of the collection, management and disclosure of your personal information.  The Act and the CR Code contain provisions regarding the use and disclosure of credit information, which applies in relation to the provision of both consumer credit and commercial credit (as defined by the Act).

A. PRIVACY POLICY

1. AUSTRALIAN PRIVACY PRINCIPLES

The Act and the CR Code place obligations and responsibilities on us to ensure that information collected from individuals is collected, retained and used in line with the APP’s.  We shall abide by the following APP’s at all times:

Further information regarding the APP’s can be obtained from the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

2. INFORMATION THAT WE COLLECT

We need to collect personal information from you in order for us to provide products, services and support to you.  If you do not provide us with certain information when prompted, we may be unable to sell you products and/or provide certain services, including sales services.

When used in this Policy, the term “personal information” has the meaning given to it in the Act. In general terms, personal information it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

2.1 What personal information do we collect and hold?

We may collect the following types of personal information: 

• names, address and contact details;
• date of birth;
• gender;
• interests;
• account and newsletter preferences;
• delivery date for products you purchased from us;
• your business contact details, place of employment and position;
• credit and financial checks;
• information about your social network profile such as your social network ID, profile picture, gender and location;
• the fact that you have clicked on a ‘like’, ‘+1’ or ‘tweet’ or similar button in one of our websites or services or on one of our pages on a social network site, and information about further interactions with this posted content (for example, if your contacts click on a link in the posted content), which we may associate with the details that we store about you;
• information about your visit to our website, such as your browser software, which pages you view and which items you ‘clicked’ on or added to your shopping basket;
• service, product or server logs, which hold technical information about your use of our service, product or websites, such as your IP address, domain, device and application settings, errors and hardware activity;
• information about where your device is physically located (for example, when you are using a geo-location service or application and you have provided consent to your location being shared);
• in the case of candidates seeking employment with us, information relevant to your employment history including evidence of your right to work in Australia;

We may also collect any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites or online presence, through our representatives or otherwise.

2.2 HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

We collect your personal information directly from you, from publicly available sources of information and from third parties: 

• by using written forms;
• through contact in person or over the telephone, mobile or other messaging technology; and
• via the internet (including social media, online forms, our website).

 There are a range of people, organisations and sources from whom or from which we collect your personal information.  These may be parties related to the CC2U Group or third parties, including:

• other related bodies corporate within the CC2U Group; and
• publicly available sources of information. 

3. PURPOSES OF COLLECTING PERSONAL INFORMATION

3.1 GENERAL

CC2U may use information it collects for a wide range of purposes, including to: 

• to send communications requested by you;
• fulfill obligations under any sale and purchase contract and/or any other contract between you and any CC2U Group entity;
• provide you with a product or service you have requested, including checking that a payment is not made fraudulently, delivering you purchase to you or ensuring that you benefit from any relevant special offer or promotion (and fulfill its obligations under any other agreement it may have with you);
• render services related to the CC2U Group’s business such as providing customer care, warranty, returns, servicing our products and other after sales services;
• provide information about products, services and/or special offers;
• train staff and for quality assurance purposes, particularly in relation to our customer relations staff at our support centres;
• record statistical data for marketing purposes;
• to answer enquiries and provide information or advice about our business;
• for access control, safety and training purposes;
• conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
• for safety and identification reasons, including in the event of an emergency when a staff member is overseas;
• for the administrative, planning, and internal audit purposes of any CC2U Group entity, its related bodies corporate, contractors or service providers;
• to provide your updated personal information to our related bodies corporate, contractors or service providers;
• to improve and personalise your experience on our websites and applications, typically through automated tracking technologies (such as cookies) that collect and remember certain account login information, technical information and website usage information;
• for general promotional purposes;
• to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country (or political sub- division of a country).

3.2 Secondary purposes

We will also use and disclose your personal information for a secondary purpose related to a purpose for which we collected it, where you would reasonably expect us to use or disclose your personal information for that secondary purpose.  For example, we will disclose your personal information to third party service providers so that they can provide certain contracted services to the CC2U Group, such as information technology support or programming, hosting services, telephone services, mailing or sending of documents to you digitally or otherwise.

3.3 Other

There will be other instances where we may use and disclose your personal information, including where: 

• you have consented to the use or disclosure;
• we reasonably believe that the use or disclosure is reasonably necessary for an enforcement activity conducted by or on behalf of an enforcement body; or
• we are required or authorised by law to disclose your personal information, for example, to a court in response to a subpoena or court order.

3.4 Combining the information we collect

We may link or combine the information that we collect from the different sources outlined above in the ‘Information we collect’ section above (including information received from other CC2U Group companies about your use of other CC2U Group products and services). Information may be linked via a unique identifier, such as a cookie or account number.  Alternatively, we may decide to combine two or more databases into a single database of customer information.

We may do this for your and/or our convenience (for example, to allow you to more easily register for a new service), to allow us to provide a more seamless customer support whenever you contact us and to provide you with better, personalized services, content, marketing and adverts.

4. DISCLOSURE OF PERSONAL INFORMATION

 4.1 Disclosure of information by CC2U

We do not generally sell, rent or otherwise disclose information about you to third parties without your consent.  However, there are exceptions: 

• Other CC2U Group companies 

We will share your personal information with all related bodies corporate within the CC2U Group.  If one CC2U Group company collects your personal information, other CC2U Group companies may use and disclose that personal information for the purposes for which we collected it, described in section 2 above. 

Other CC2U Group companies to whom we have disclosed your personal information for one of these purposes may combine this information with details they hold about you.  Unless that CC2U Group company provides you with its own privacy policy, it may use your personal data for the purposes explained in this policy. 

• Our business partners 

If you request or agree to receive information or newsletters from one of our business partners, we may provide that third party with your details so that they can respond to your request. 

• Our service providers 

We may use third party service providers to process information on our behalf for the purposes outlined above, including without limitation, web hosting providers, IT systems administrators, couriers, payment processors, web hosting providers, data entry service providers and electronic network administrators.  For example, fulfilling orders, delivering packages, sending postal mail and emails, sending text messages (SMS), providing marketing assistance, processing credit card payments, providing fraud checking services and providing customer services. Our service providers operate only in accordance with our instructions, in line with this privacy policy, and are subject to appropriate confidentiality and security obligations. 

• Legal and business purposes 

We may disclose information about you to: 

• our employees and contractors;
• to government bodies and law enforcement agencies to prevent fraud, to comply with the law and to meet a reasonable request from such bodies;
• to third parties (including professional advisors) to enforce or defend the legal rights of any CC2U Group company or the terms and conditions of any CC2U product or service;
• to a third party purchaser or seller, and its and our professional advisors, in connection with a corporate event such as a merger, acquisition or in the event of an insolvency situation; and
• anonymous statistics. 

4.2 SHARING OF INFORMATION BY YOU

A number of our online services allow you to upload and share messages, photos, video and other content and links with others and/or create a publically accessible profile for your account.  For example: 

• other services allow you to share a link which if clicked on may allow the recipient to access your uploaded content;
• certain pages in our websites, allow you to post comments (with your username), which are visible to other users of that service. 

You should not expect any information that you make available to others via our online services to be kept private or confidential.  Content and links that you share might, for instance, be forwarded by your recipients to others.  You should always exercise discretion when using such services.

4.3 Overseas disclosure

We do not disclose information personal information to third party overseas recipients unless specifically agreed to by both parties in writing.  We will notify you if circumstances change regarding overseas disclosure and will comply with the Act in all respects.

4.4 Marketing communications 

Where you have opted-into receiving direct marketing communications about CC2U, we may collect and use your personal information to keep you up to date with the latest news, events, special offers and promotions of our brands.  Direct marketing involves the use and/or disclosure of personal information to communicate directly with an individual to promote goods and services.  This may include: 

• General marketing communications – to send you communications such as emails, SMS text messages and postal mailings; and
• Targeted advertising – to show you marketing communications on other websites, including on social media sites where you are a member (such as Facebook), by matching activities or information collected on our websites with those collected on third party sites (e.g. data-matching). 

You can always opt-out from receiving such communications by following the ‘unsubscribe’ link and/or instructions placed (typically) at the bottom of the email.  You may also visit social media sites where you are a member to explore op-out options that may provide for targeted advertising.  Please note that even if you opt-out from receiving marketing communications from us, you may still receive administrative communications from us (such as order confirmations).  You will still also see generic ads on other websites, including on social media sites where you are a member.

5. SECURITY OF YOUR INFORMATION

We hold your personal information in: 

• computer systems;
• electronic databases;
• digital archives;
• telephone recordings; and
• hard copy or paper files.

These storage mechanisms may be managed in a number of ways.  They may be managed internally by a company in the CC2U Group and may be held locally in Australia, or they could be managed by a third party storage provider with whom the CC2U Group has a contractual relationship and be either managed locally or overseas.  We will take all reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.  We do this by: 

• limiting physical access to our premises;
• limiting access to the information we collect about you (only those of our staff who need your information to carry out our business activities are allowed access);
• putting in place physical, electronic and procedural safeguards in line with industry standards;
• using Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive information, such as credit card details (SSL encryption is designed to make the data unreadable by anyone but us); and
• destroying or de-identifying personal information pursuant to the law and our record retention policies.

As our Australian websites are linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us or our related bodies corporate online is transmitted at your own risk. 


6. ACCESS TO YOUR INFORMATION

You may request access to any personal information we hold about you at any time by contacting the Privacy Officer (see details below).  Depending on the nature of the request, we may charge for providing access to your personal information, however, such charge will not be excessive.  If the personal information we hold about you is inaccurate, incomplete or not up to date, you may request that we correct the information by contacting the Privacy Officer.  

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

7. COMPLAINTS

If you are concerned that we have not complied with your legal rights or applicable privacy laws, you may bring a complaint internally through our complaints process or you may decide to make a formal complaint with the OAIC (www.oaic.gov.au).

If you wish to make a complaint directly to us:

• Contact us by contacting our Privacy Officer at the details set out in section 10 A response will be provided within a reasonable period.
• Investigation of your complaint – our Privacy Officer will investigate your complaint and provide a response in writing within a reasonable period.
• Contact OAIC – we will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can contact the OAIC directly (refer to the OAIC’s contact details on their website at oaic.gov.au).

8. LINKS 


Our website may contain links to other websites that are not operated by CC2U, including websites operated by other CC2U Group companies.  We make no representations or warranties in relation to the privacy practices of any of those websites and we are not responsible for the content, security or privacy practices of those websites. You should view the privacy and cookie policies displayed on those websites to find out how your personal information may be used.

9. CHILDREN’S PRIVACY

We do not knowingly collect personal information from children below the age of 18.  If we discover that we have accidentally collected information from a child, we will remove that child’s information from our records as soon as feasibly possible.  However, we may collect personal information about children below the age of 18 from the parent or guardian directly.

   10. CONTACT US

If you would like more information about our approach to privacy, or if you think that we have breached the APP’s or if you have any concern about the way we have handled your personal information, please contact our Privacy Officer:

We will treat your requests or complaints confidentially. Our Privacy Officer will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner. 


11. Changes to privacy policy

We reserve the right to make change this privacy policy at any time. Any updated versions of this privacy policy will be posted on our website.  We encourage you to regularly review this privacy policy to make sure you are aware of any changes and how your information may be used.

B. CREDIT REPORTING POLICY

1. INFORMATION THAT WE COLLECT

Credit information relates primarily to your credit related dealings with us and covers various types of information that can be collected by Credit Reporting Bodies (CRB) that report on consumer credit worthiness.

1.1 What credit information do we collect and hold?

Credit information includes: 

• identification information;
• basic information about your credit account (for example, when it was opened);
• details about information requests we made about you to CRBs;
• information about certain overdue payments and serious credit infringements and information about payments or subsequent arrangements in relation to either of these; and
• various publicly available information like bankruptcy and credit-related court judgments. 

We may collect credit information about you in any of the circumstances relating to personal information described in section 2.2 of our Privacy Policy.  Credit eligibility information is information equivalent to the kinds listed above that we generally collect from CRBs.

This information relates primarily to your dealings with other credit providers (for example, banks, other financial institutions, or other organisations that may provide you with credit in connection with their products and services).  It may also include certain credit worthiness information that we derive from the data that we receive from a CRB.  Sometimes we may also collect credit eligibility information about you from other credit providers.

1.2 How do we collect your credit information?

We store and safeguard your credit information and credit eligibility information in the ways described in section 5 of our Privacy Policy.

We may disclose your credit information to CRBs.  Those CRBs may then include that information in credit reporting information that they provide to other credit providers to assist them to assess your credit worthiness.  We may also use and disclose your credit information for other purposes and in other circumstances as described in section 3 of our Privacy Policy, when permitted to do so by the Act. 

Our use and disclosure of credit eligibility information is regulated by Part IIIA of the Act and the CR Code.  We will only use or disclose such information for purposes permitted by these laws, such as: 

• processing credit-related applications and managing credit that we provide;
• assisting you to avoid defaults;
• collecting amounts you may owe us in relation to such credit and dealing with serious credit infringements;
• assigning our debts;
• participating in the credit reporting system;
• dealing with complaints or regulatory matters relating to credit or credit reporting; and
• as required or authorised by another law. 

2. ACCESS TO YOUR INFORMATION

If you wish to access or correct errors in any of your credit information or credit eligibility information that we hold, please contact us using the contact details in section 10 of our Privacy Policy. We may apply an administrative charge for providing access to your credit eligibility information, depending on the request.

3. COMPLAINTS

If you think we have not complied with Part IIIA of the Act or with the CR Code (which regulates credit reporting), you can make a complaint by using the contact details set out in section 10 of our Privacy Policy.

We will acknowledge your complaint in writing as soon as reasonably practicable.  We will aim to investigate and resolve your complaint by providing a written response within a reasonable period. 

We may need to consult with a CRB or another credit provider to investigate your complaint.  While we hope that we will be able to resolve any complaint without needing to involve third parties, if you are not satisfied with the outcome of your complaint you can make a complaint to the OAIC (www.oaic.gov.au).

Dated: 17/07/2015