Privacy Policy

1. Intent

This Privacy Policy describes how Eastern & Allied Pty Ltd (E&A) collects and uses your personal information when you visit one of our branches or Affiliates, use our online form found on our websites, or use our online platform. The services we and our Affiliates provide, are bound by the Australian Privacy Principles under the Privacy Act 1988 (Commonwealth) and other privacy-related legislation.

2. Scope

This policy applies to all E&A and its Affiliates. This includes any person or business engaged in work for E&A on a full-time, part-time, casual, contract or volunteer basis, and includes executive and non-executive members of the board. Affiliates as defined by the Anti-Money Laundering and Counter Terrorism Financing (AML/CTF) Act 2006, are subject to the same Privacy Policy as E&A for the services they provide.

3. Personal information we collect

We collect and hold your personal information directly from you and from different sources to provide you with money transfer and foreign exchange services (services). 

The types of personal information we collect may include but is not limited to, an organisation details, an individual’s name, residential address, contact number, date of birth, gender, identification document(s), occupation, relationship between sender and receiver, receiver information, income and financial information provided to assist with our obligations under the AML/CTF Act. 

We do not store your payment details that you input when using our online platform. However, we may need to collect and hold your bank statement and/or payment slip for the purpose of approving your payments to us. .    

By using our services, you agree to the collection, transfer and storage of your personal information on our system database and storage devices, and to service providers and Affiliates to fulfil the service. 

We may collect and update your personal information through these means:

  • When you wish to use our services when you visit one of our branches or Affiliates and provide your personal information in person;
  • When you submit your personal information online to us or our Affiliates;
  • Through other means of communication such as mail, over the phone, via email, and via SMS; 
  • From a third-party source including public sources, credit reporting bodies, entities that can verify the personal information you provide in order to carry out a transaction. 

If someone other than you provides us with personal information about you, that we did not ask for and we determine that we could have collected this personal information from you had we asked for it, we will notify you, as soon as practicable. This notice will be given unless doing so would be in breach of an obligation of confidence. If we determine we could not have collected the personal information from you, we will take reasonably-practicable steps to de-identify or destroy the personal information if it is lawful and reasonably practical to do so. 

We will only collect personal information that is reasonably necessary for or directly related to, one or more of our functions. If we are unable to collect the required personal information, we may not be able to do business with you or the organisation in which you are authorised to act for.

4. Privacy Disclosure and Consent

We will use your personal information to provide you with our services and to meet our regulatory requirements including Anti-Money Laundering/Counter Terrorism Funding (AML/CTF) obligations. We may use any email address, other personal information or contact information you provide to us at any time for this purpose. 

As a customer of our business we have collected personal information from you and we will also use your personal information, from time to time, for the purposes of direct marketing communication (Refer to clause 6 - Direct Marketing). 

You agree and acknowledge that even if you opt out of receiving marketing material, we can still contact you relating to the services we have provided you. 

We will not disclose your personal information to any third party other than as set out in this Privacy Policy. In order for us to provide you with our services, we may disclose your personal information to other organisations. We take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to protecting your personal information. 

We reserve the right not to disclose your personal information to you, other than the personal and sensitive information that you are entitled to access that we hold on or about you.

4.1 Disclosure to other organisations in order to provide our services

We may disclose your personal information to our service providers and Affiliates. This disclosure may be to entities within Australia and overseas. These include organisations that help us comply with our regulatory obligations (e.g. verify your identity, screen your name against watch lists and provide advice or compliance and auditing services) and a corresponding local or international party service provider that we partner with to fulfil your transfer instructions. 

While we take appropriate measures to protect personal information before disclosure to overseas recipients. However, they may have different disclosure requirements under local laws. The countries we disclose your personal information to will depend on the details of the transaction you ask us to carry out. In providing us with your personal information, you consent to the transfer of your personal information to these organisations for the purposes outlined in this privacy policy.

Before we partner with these organisations we will as part of our due diligence process, review their privacy policy and/or have an agreement in place about the disclosure of your personal information. 

4.2 Disclosure to the Australian Transaction Reports and Analysis Centre (AUSTRAC) and other government agencies:

Under the AML/CTF Act, we are required to disclose your personal information to AUSTRAC. From time to time other government agencies may request your personal information which we are obliged to provide.

4.3 Disclosure to you or your Attorney

Our privacy disclosure and consent process is as follows. The customer or a person authorised under a valid Power of Attorney of the customer has personal information disclosed to them only once they have been properly identified and verified with approved identification and documentation. Your personal information may be given to a customer’s Power of Attorney when they have been identified as such with an original or a certified copy of appropriate documentation. We reserve the right not to disclose any personal information until we are satisfied with the identity of the customer or the Attorney of the customer. 

4.4 Disclosure to your authorised person

We may allow your personal information to be disclosed to an authorised person. For this to happen, we would need a written authorisation from you. The customer and the authorised person must first be properly identified and verified with approved identification documentation. In addition to this, we would need confirmation in person that this disclosure is allowed. We reserve the right not to disclose any personal information until we are satisfied with the identity of the authorised person and the customer.

4.5 Security Incident regarding privacy risks

In the event of a security incident involving unauthorised access, use or disclosure of personal information where we may need to share personal information with a third party (such as a forensic specialist), we will seek to work cooperatively with them to protect the personal information. We may disclose further personal information for the purpose of investigating a security incident.

5. Confidentiality and Security

We will use all reasonable endeavours to keep your personal information in a secure environment and to ensure that records of customer information are protected from unauthorised access. However, this security cannot be guaranteed. We implement industry-accepted standards in protecting your personal information provided to us in person or on our websites. Additionally, we adopt Secure Socket Layer (SSL) encryption technology to protect your sensitive personal information transmitted on our websites. Your personal information is securely stored on our transaction process platform backed up to the cloud via Amazon Web Services. We also require a username and password and/or a customer verification from each user who wants to access his or her information.

We maintain physical, electronic and procedural safeguards that comply with applicable government regulations to protect your personal information. We use up-to-date technology and procedures to ensure customer data is protected from unauthorised access, misuse, and/or loss.

Notwithstanding the reasonable steps taken to keep your personal information secure, breaches may occur. In the event of a security incident, we have put in place procedures to promptly investigate the incident and determine if there has been a data breach involving personal information and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with Privacy Act requirements.

Our organisation, our employees and Affiliates are the only people allowed to have access to your personal information and, within the organisation, only those employees who need to access your personal information as part of their job will be able to do so.

If we no longer need your personal information, unless we are required under Australian law to retain it, we will take reasonable steps to destroy or de-identify your personal information.. 

This is subject to Australian laws and may change.

Our current requirements:

  • Transaction records for seven years,
  • Customer identification records for the duration of your relationship with us, and for an additional seven years after we stop providing any services to you.

6. Direct Marketing

We will use your personal information primarily for providing you with our services, and also for direct marketing purposes. This includes but is not limited to sending you personal information about new developments, new services and special offers to either or both your email address and mobile phone number that you have provided to us.

You can, at any time, opt out of receiving marketing material by:

  • Clicking on the unsubscribe button in an email. This will only stop you from receiving marketing emails. If you also wish to opt out from receiving SMS messages you will need to inform our team (Refer to clause 11).  
  • Replying “STOP” to our SMS. This will only opt you out from receiving SMS marketing messages. If you also wish to opt out from receiving marketing emails you need to inform our team (Refer to clause 11). 

Once you request to opt out from receiving our marketing materials, this removal from our distribution lists may take up to 5 business days after the date you opted out. 

You agree and acknowledge that even if you opt out of receiving marketing material, we can still contact you relating to the services we have provided you.

7. Accuracy of Personal Information

We take all reasonable steps to ensure that your personal information held by us is accurate, up-to-date, complete, relevant and not misleading. If you believe that any of your personal information is not accurate, up-to-date, complete, relevant or is misleading, please contact us (Refer to clause 11) and we will take all reasonable steps to correct it within a reasonable time.

You may request details of personal information we hold and request us to correct or erase any erroneous or out-of-date personal information by using the contact methods listed at the end of this statement. We reserve the right not to disclose personal information to you, other than the personal and sensitive information that you are entitled to access that we hold on or about you as long as it is lawful to do so. To protect your privacy, we will need to verify your identity before making details or corrections.

8. Your Consent

By your use of our services you consent to the collection, storage, use and disclosure of your personal information in accordance with this Privacy Policy and as otherwise permitted under the Privacy Act.

9. Changes

We may vary the terms of this Privacy Policy at any time. Updated Privacy Policy documents will be posted at our website when amendments occur. The most current Privacy Policy will be published online.

10. Complaints

We work to ensure that we operate in the manner outlined in this Privacy Policy however if you have any issues or concerns, please do not hesitate to contact us so we can resolve your issues.

If you believe your privacy may have been interfered with by us, you have the right to make a complaint about the matter by contacting our Privacy Officer at the contact details below. We will investigate the complaint, respond to you promptly and attempt to resolve it.

If we receive a request in writing from you seeking resolution of a dispute concerning our services, we will respond to you in writing within 30 days of receipt of the request.

If you are dissatisfied with our handling of the complaint, or the outcome, you may take your complaint to the Office of the Australian Information Commissioner (OAIC). Further information is available by phoning: 1300 363 992 or at: http://www.oaic.gov.au/about-us/contact-us-page.

11. Access to Information We Hold About You

If you request access to the personal information or records we hold about you, we will respond to your request within a reasonable period of time. 

We will give access to personal information after identification and verification through approved identification documentation, in a manner you request, where possible.  This will be subject to any exemptions allowed under the Privacy Act. 

We will charge you a reasonable administration fee for providing that personal information.   

You may request this personal information or make a complaint to E&A by one of the following: 

  • in person at one of our branches
  • online at http://hhmt.com.au/contact-us/
  • email info@hhmt.com.au
  • telephone +61 (2) 9728 7928
  • by post to: The Privacy Officer, Eastern & Allied Pty Ltd, 56 John Street, Cabramatta, NSW 2166, Australia