SpendAble Privacy Policy

This privacy statement is made on behalf of Gimme IT Pty Ltd ABN 73 640 295 816 trading as Spendable. All references to “Spendable”, “we”, “us” or “our” in this policy are references to Gimme IT Pty Limited.

Spendable is committed to protecting your privacy and to compliance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth), and any other applicable regulation. If you have any questions relating to this privacy statement or your privacy rights, please contact us.

This Privacy Statement sets out the policy of Spendable for handling and protecting your personal information. We are committed to ensuring the privacy of your information and recognise that you, as a customer, are concerned about your privacy and about the confidentiality and security of information that Spendable may hold about you.

This Policy is designed to inform customers of –

• The Spendable Privacy Policy.

• What information we collect and the purposes for which we collect it.

• Use and disclosure of information collected;

• Security of your personal information.

• Gaining access to information we hold about you.

• What to do if you believe the information, we hold about you is inaccurate.

• Complaints in relation to privacy; and

• How to contact us.

Personal Information

Personal information is information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. Spendable will also collect any personal information necessary for the purposes of complying with the Anti-Money Laundering and Counter Terrorism Financing Act 2006.

Open and transparent management of personal information

Spendable seeks to ensure that personal information we hold about an individual is managed in an open and transparent manner. We have implemented procedures to ensure compliance with the Australian Privacy Principles and any applicable codes, and to deal with any complaints relating to our compliance therewith.

Spendable has a clear and up-to-date privacy policy outlining our management of personal information, including details regarding the kind of personal information we collect and hold; how and why we collect and hold this information, and how an individual may access and seek correction of the information we hold about them. We further provide details regarding our complaints handling process, our policy on disclosure of information to overseas recipients (and if so, which countries).

Collection of personal information

This policy details how Spendable adheres to the Australian Privacy Principles regarding the collection of solicited personal information. Spendable only collects personal information directly from individuals, which is reasonably necessary for the provision of our services, and only by lawful and fair means. Information is generally sought or collected through our account application form, and when you use your card to make a purchase in store or on-line or make a non-cash payment. Information may otherwise be collected from time to time through our website, apps, social media, and other digital services. Information may also be collected from public sources and any party authorised to act on your behalf.

We may monitor and record your communications with us (including email and telephone for security, dispute resolution and training purposes.

We will always ensure you are apprised of our purpose in collecting information, and your right to gain access to such information. If you do not provide the information requested, we may be unable to provide you with our services.

Please note that generally we will only use the personal information we collect for the main purposes disclosed at the time of collection such as to provide our card/payment services. Where possible we will collect the information directly from you via our online application process.

We provide information and services through a range of digital and online services including websites (e.g., spendable.com.au) apps, email, online advertisements, and social media profiles. These services may be operated by us to provide a consistent experience, personalise your use of each of those services and provide targeted marketing. Spendable may use “cookies”. A cookie is a piece of information that allows the server to identify and interact more effectively with your device. The cookie assists us in maintaining the continuity of your browsing session and remembering your details and preferences when you return. Other technologies that may be used with Spendable include web beacons (which may operate in conjunction with cookies), Flash local stored objects and JavaScript. You can configure your web browser to reject and delete cookies and block JavaScript, but you may find some parts of Spendable services then have limited functionality. You can control your preferences regarding Flash local stored objects via this site.

Our systems record a variety of information in relation to interactions with our online services. This can include information about software versions used, device identifiers (like IP address), location data (where available and not disabled by the user), dates, times, file metadata, referring website, data entered and user activity such as links clicked. In some cases, third parties may use cookies and other technologies such as those described above as part of the Spendable services. These technologies may be used in connection with activities like surveys, online behavioural advertising, website analytics and email campaign management.

The services we may use from time to time include Google Analytics, Google Display Network, Google AdSense, DoubleClick. You can find more details in the privacy policies for those services (e.g., Google’s Ads Preferences Manager), including information on how to optout of certain conduct. Bear in mind, you may need to opt-out separately from each service.

In other cases, we may associate information about your use of Spendable services over time with your personal information, e.g., where on any occasion you have logged in, followed a link sent to you by email or we have otherwise been able to identify you.

We are constantly developing and enhancing our use of online technologies and make reasonable efforts to ensure we keep this Privacy Policy and related documents up to date in this regard. Please check back when you return to use our online services to ensure you are familiar with our current practices.

The Spendable website may contain links to the websites of third parties. If you access those third-party websites, they may collect information about you. Spendable does not collect information about you from the third parties. You will need to contact them to ascertain their privacy standards.

Unsolicited personal information

Where we receive personal information about an individual which is unsolicited by us and not required for the provision of our services, we will destroy the information (provided it is lawful and reasonable for us to do so).

Notification of the collection of personal information

When we obtain personal information about you, we ensure that you have our contact details and that you are aware of the collection of information and our purposes for doing so. As per above, we are unable to provide certain services if the requested information is not provided. We do not disclose your information to third parties, unless they are related entities or service providers, who have a comparable privacy policy in place.

Use and disclosure of personal information

Spendable collects and holds personal information about an individual for the purpose of providing card/payment services. This includes processing payments, delivering orders, managing promotions, providing refunds and discounts, verifying your identity, communicating with you, conducting product/market research, updating our records, responding to enquiries from you. We also utilise your personal information to tailor and personalise our products and services and conduct risk assessments.

We collect this information with your consent as per application form or other documentation, and your transaction history, for the primary purpose disclosed to you at the time of collection.

In some cases, we may ask you to consent to any collection expressly and additionally, use or disclosure of your personal information. Your consent will usually be required in writing, but we may accept verbal consent in certain circumstances. We may also disclose your personal information where it is required or authorised by law.

We may use your personal information to:

• provide our services.

• respond to any specific requests you may make of us.

• notify you of any products that may be of interest to you.

• audit and monitor the services we provide to you including staff training.

• to consider or investigate any issues or complaints in relation to our products or services or to administer any legal action in which we are involved with you.

• update your personal files; and

• enable us to meet our legal obligations under law (e.g., AML/CTF, tax laws).

Spendable may disclose your personal information to our agents, contractors, or third-party service providers to enable them to provide administrative and other support services to us. We may also use third party service providers to maintain some of our data systems and provide auxiliary services. We require any party that has access to personal information to maintain comparable privacy policies and procedures and be subject to comparable privacy regulation in their jurisdiction, if located outside Australia.

You may also wish to review the privacy policies of our key third party providers, Flexewallet Ltd and Novatti Pty Ltd (the issuer of the Parent Wallet and Prepaid Card).

We will also disclose your personal information where the disclosure is required by law, for example to government agencies and regulatory bodies as part of our statutory obligations, or for law enforcement purposes.

Direct Marketing

We may utilise your personal information to provide you with targeted marketing and advertising initiatives via telephone, email, or other media, regarding products or services we think may be of interest to you. You may notify us that you do not wish to receive such communications at any time by clicking on the opt-out link provided.

Often the law requires us to advise you of certain changes to products/ services or regulations. You will continue to receive this information from us even if you choose not to receive direct marketing information from us. We will only disclose your information to an outside party for the purpose of allowing them to directly market to you, where you have consented to such disclosure.

Quality of personal information

Spendable takes all reasonable steps to ensure the personal information held about individuals is accurate, up-to-date, and complete. We verify personal information at the point of collection.

Spendable encourage you to help us by telling us immediately if you change your contact details (such as your phone number, street address or email address) or if any of your details need to be corrected or updated. A person wishing to update their personal information may contact our Customer Service team or the Privacy Officer on the contact details shown within this document.

Access to personal information

Where a person requests access to their personal information, our policy is, subject to certain conditions (as outlined below) to permit access. Spendable will correct personal information where that information is found to be inaccurate, incomplete, or out of date. We will not charge you a fee for your access request but may charge you the reasonable cost of processing your request.

If a person wishes to access their personal information or correct it, they should contact the Privacy Officer, and we will seek to provide such information within a reasonable period, and in the manner so requested (where reasonable to do so).

Spendable may not always be able to give you access to all the personal information we hold about you. If this is the case, we will provide a written explanation of the reasons for our refusal, together with details of our complaints process for if you wish to challenge the decision.

• We may not be able to give you access to information in the following circumstances:

• Where we reasonably believe this may pose a serious threat to the life, health of safety of any individual or to public health/safety.

• Which would unreasonably impact the privacy of another individual.

• Where such request is reasonably considered to be frivolous or vexatious.

• Which relates to existing or anticipated legal proceedings which would otherwise not be accessible in the discovery process relating to such proceedings.

• Which would reveal our intentions and thereby prejudice our negotiations with you.

• Which would be unlawful.

• Which is prohibited by law or a court/tribunal order.

• Which relates to suspected unlawful activity or serious misconduct, where access would likely prejudice the taking of appropriate action in relation thereto.

• Where enforcement activities conducted by or on behalf of an enforcement body may be prejudiced; or

• Where access would reveal details regarding a commercially sensitive decision-making process.

Correction of personal information

Where we believe information, we hold about an individual is inaccurate, out-of-date, incomplete, irrelevant, or misleading, OR an individual requests us to correct information held about them, Spendable will take all reasonable steps to correct such information in a reasonable time frame. No fees are payable for such requests. If you request us to similarly advise a relevant third party of such correction, we will facilitate that notification unless impracticable or unlawful for us to do so.

If Spendable intends to refuse to comply with your correction request, we will notify you in writing of our reasons for such refusal, and the complaints process you may avail if you wish to challenge that decision. You may also request that we associate the personal information we hold with a statement regarding your view of its inaccuracy.

Security of personal information

We take reasonable steps and precautions to keep personal information secure from loss, misuse, and interference, and from unauthorised access, modification, or disclosure. Only authorised personnel have access to personal information as required to perform their roles.

If you use the Internet to communicate with us, you should be aware that there are inherent risks in transmitting information over the Internet. While Spendable utilises SSL security protocols we do not have control over information while in transit over the Internet and we cannot guarantee its security.

Where information is no longer required to be held or retained by Spendable for any purpose or legal obligation, we will take all reasonable steps to destroy or de-identify the information accordingly.

Notifiable Data Breaches Scheme

We will report ‘eligible data breaches’ to the affected individual(s) and the Australian Information Commissioner in relation to the (including suspected) unauthorised access or disclosure of personal information held, which is likely to result in serious harm to the relevant individual(s), and where we have been unable to prevent the likely risk of serious harm with remedial action.

We will formulate a data breach response plan, to limit any negative consequences of such a breach. An effective response involves a process to contain, assess, notify, and review.

Your Consent and Changes to the Privacy Policy

Upon using this web site and our services, you consent to our use and collating of your information as it appears within this policy. Although this is not our immediate intention, periodically, we may utilise this customer information for any unforeseen uses that have not been disclosed within this current privacy notice. If at any time our information practices change in the future, we will amend our policy on this Web site. Should you have any immediate concerns about how your information is used, you should check our Web site sporadically to ensure you are up to date with our current policy.

Privacy Complaints

If you have a complaint relating to our compliance with privacy laws or our treatment of your personal information, please contact our Privacy/Data Protection Officer on 1300 361 954 or via email to support@spendable.com.au. We will investigate your complaint and endeavour to resolve the issue to your satisfaction. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with the Office of the Australian Information Commissioner by telephoning 1300 363 992 or visiting their website at www.oaic.gov.au