As a part of the Ingenico Group, the world leader in secure transaction and payment systems, we respect the privacy of our customers, partners, suppliers and staff. Ingenico is committed to treating all personal information in accordance with privacy laws and the New Zealand Privacy Principles. If you are located in the European Union (EU), you may have rights under the EU General Data Protection Regulation (GDPR).
By providing us with your personal information or your continued used of our products, services, websites or associated services you provide unconditional consent to us collecting, storing, using and disclosing your personal information in a manner set out in this Privacy Statement.
We reserve the right, at our discretion, to make changes this Privacy Statement at any time. Changes will take effect immediately once they are published on this website. Please check this Privacy Statement regularly for modifications and updates. If you continue to use our products and services, website and associated services or if you provide any personal information after we post changes to the Privacy Statement, this will indicate your acceptance of any such changes.
1. Collection of personal information
We may obtain and hold personal information as necessary to enable us to provide services to our customers and to their customers.
Depending on the service offered by us and those that you use, the types of personal information we collect may include but not be limited to:
- First/Last name
- Date of Birth
- Home/Work/Mobile Phone
- Email address
- Residential Address (Copies of documents for the purpose of proof of residential address may be retained by us for verification)
- Bank Name/Branch/Account Name/BSB/Account Number
- Cardholder Name/Card number (PAN)/Expiry Date
- Driver’s Licence No & Expiry (Copies of Driver’s Licence for the purpose of proof of identification may be retained by us for verification)
- Passport No & Expiry (Copies of Passport for the purpose of proof of identification may be retained by us for verification)
- Passwords and Usernames, if you use our merchant portals or apps
If you choose not to provide this information, we may be restricted in our ability to provide services to you.
We do not collect sensitive information in the normal course of business and nor do we collect unsolicited personal information.
If you provide information (including personal information) of other individuals or third parties to us, you must have express consent of such individual or third party to provide such information to us and for us to use such information for the purposes disclosed in this Privacy Statement.
- Measure website usage & effectiveness
- Assist you to more easily navigate the website
- Personalise your website experience though association with your profile information or user preferences
You can turn off cookies in your browser but this may impact on your ability to take full advantage of the website’s features.
3. Use and disclosure
We only use your personal information for the purpose for which it was provided, and in accordance with law. We will not disclose it to other organisations except where necessary to provide our services or if required by law.
If we provide your personal information to other organisations, such as service providers, with whom we work and we expect them to apply at least the same level of protection to your Personal Information. These service providers are subject to contractual restrictions to ensure that information held or processed on our behalf is protected.
We may also check some information provided by you with applicable databases administered by responsible officials from the Australian or New Zealand Governments.
We may disclose your information to third parties that verify the accuracy of information you provide for the purposes of our customer due diligence and credit checking requirements.
During the course of providing you some of our e-commerce solutions, we may be required to disclose some of your personal information to financial institutions and other related organisations in order to comply with contractual and regulatory requirements. Any information disclosed in such a manner is encrypted in line with the receiving institution’s encryption requirements.
We are committed to keeping personal information secure at all times while it is in our control.
We will take all reasonable precautions to protect your personal information from loss, misuse and interference, as well as unauthorised access, modification or disclosure. We encrypt personal information where required by law or regulation, including payment card details.
Our cardholder environment is protected by a variety of security measures, including, but not limited to:
- Intrusion Prevention System (IPS)
- Security Information & Event management (SIEM)
- Penetration Tests
- Vulnerability Scans
We only allow access to personal information to our personnel who need access to that information for a specific purpose.
5. Accuracy, correction and access
We endeavour to ensure that all your personal information we use to provide services is accurate. If you are aware that any personal information that we hold about you is incorrect or out of date, let us know and if possible we will update the information.
You can request to access or correct your personal information held by us by contacting the Data Protection Officer at firstname.lastname@example.org.
We may require you to complete an application form verifying your identity and specifying what information you require or wish to correct. In some circumstances, where permitted by law, a request for access or correction may be refused.
Whilst making a request to access personal employee information is without charge, you may be charged a fee that will reflect our reasonable administrative, postage and handling costs of responding to your request. If the information sought is extensive, we will advise the likely cost in advance and can help to refine your request if required. We will not charge to correct factual errors in personal information.
6. General Data Protection Regulation (GDPR)
This section only applies to the collection and processing of EU personal data by Bambora New Zealand. This section will apply to you and the processing of your EU personal data if you are in an EU country. This section does not apply with respect to your personal information if you are located outside of the EU countries, even though you may be a citizen of an EU country.
For the purposes of this section, the term ‘process’ has the meaning given to it under the GDPR and may include any operation or a series of operations performed on EU personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
EU personal data that is collected by us may have been sourced directly from you, a third party (e.g., our European associates) or implied from your use of our services.
We process EU personal data in accordance with this section and our Privacy Statement. To the extent of any inconsistencies between other sections of our Statement and this section in relation to the processing of EU personal data, this section prevails.
We will only collect and process EU personal data where we have lawful bases the legal grounds to do so. The principal legal grounds that justify our use of your EU personal data include where:
- you have consented to our use of your EU personal data;
- your EU personal data is necessary for us to perform our contracts with you;
- we need your EU personal data to comply with a legal obligation;
- we use your EU personal data to achieve a legitimate interest; and
- your EU personal data is necessary for us in respect of any legal claims by us, you or a third party.
Any EU personal data will be:
- processed lawfully, transparently and in a fair manner;
- collected only for the purposes identified in this Privacy Statement or any other agreed specified purposes and not further processed in a manner incompatible with those purposes;
- collected in an adequate and relevant manner and limited to what is necessary in relation to the purposes for which the EU personal data is processed;
- kept current and up-to-date in accordance with the ‘Accuracy, correction and access’ section of this Privacy Statement;
- stored in a form which permits us to identify you, but only for the period necessary in relation to the relevant purposes identified in this Privacy Statement; and
- stored and processed securely to protect EU personal data against unlawful or unauthorized access and accidental loss, damage or disclosure in accordance with the ‘Security’ section of this Privacy Statement.
In addition to other rights you may have as set out in this Privacy Statement, you may exercise the data protection rights set out below in relation to your EU personal data:
- access and portability: a request can be made by you for a copy of your EU personal data and you may request to be provided with such EU personal data in a structured, commonly used and machine readable format (including for the purposes of transferring to another party).
- restrictions and objections: You may request that we limit our use of your EU personal data or processing by requesting that we no longer use your EU personal data or limit how we use your data, this may include where you believe it is not lawful for us to hold your EU personal data or instances where your EU personal data was provided for direct marketing purposes and now you no longer want us to contact you.
If you have any questions, comments or complaints about our handling of your EU personal data, or wish to contact us regarding your EU personal data, please use the contact details set out below in the ‘Making an enquiry/complaint’ section.
7. Making an enquiry/complaint
If you have an enquiry about this Privacy Statement, the personal information held by us or believe we have breached your privacy, an enquiry or complaint should be made to the Data Protection Officer at email@example.com.
We will consider the enquiry/complaint and endeavour to provide:
- An acknowledgement of your enquiry/complaint by return email within 2 business days.
- Details of any investigation undertaken and resolution of your enquiry/complaint within 30 days.