Privacy Policy

1. General intro

1.1. As a financial services company, Eziway Salary Packaging (Eziway) collects and stores our clients’ personal data. In doing so we ensure this data is used and stored in compliance with the Privacy Act 1988 [Cwlth] including the Notifiable Data Breaches (NDB) Scheme which came into effect in February 2018 as part of the Act. We further commit that all the processes which deal with personal data are transparent. This policy explains:

  • what data is processed
  • why we process data
  • whether we share data
  • whether we transfer data outside Australia
  • how we keep data safe, and
  • your rights regarding your data

1.2. We hope that you find this Data Privacy Policy helpful. If you have any questions, please contact us using the details contained in Section 2.2.

2. About Us

2.1. Eziway is located at 1/99 Bald Hill Rd, Pakenham Victoria 3180.

2.2. Enquiries about your data should be referred to our Data Protection Officer at:

  • 1/99 Bald Hill Rd, Pakenham Victoria 3180
  • helpdesk@eziway.net.au, or
  • (03) 8768 5777

2.3. Eziway is a specialist provider of salary packaging and novated leasing services to Australian employers with an FBT-exemption for tax purposes.

3. Your personal data

3.1. We may collect your personal data when we understand that you want to engage our services. In this section, we provide information about how we will manage your personal data.

3.2. What data we hold and how we obtain it:

3.2.1. We will obtain and record information about you when you enquire about our services. Typically, this information is name, email address, date of birth, address, and Payroll ID.

3.2.2. If you visit our website, we may automatically collect information including browser and operator system details, the website from which you came to our website, the pages you visit on our website, the date of your visit, and the internet protocol (IP) address assigned to you by your internet service provider. We collect some of this information using Cookies please refer to Section 5: Cookies for further information. We may also collect personal information that you allow to be shared as part of your public profile on a third-party social network.

3.2.3. Sometimes you will send personal information directly to us, but you may also provide information to third parties including your employer or funding providers who, in turn, may provide information to us. We record information that is necessary only to identify you for the purposes of creating and maintaining a compliant salary packaging account and identify you as a taxable employee.

3.3. How we use your personal data and under what lawful basis.

3.3.1. Where you have given written consent, we:

  • may provide you with marketing information about our services
  • may keep you informed of events that we believe will interest you
  • will use data collected during your interaction with our website to identify products that may be relevant to you and deliver targeted and relevant messaging

3.3.2. Where we are required to do so to meet our contractual requirements to your employer, we may process your information to maintain records, provide settlement fees or other similar transactional activities.

3.3.3. We may process your information to comply with our legal obligations including assisting government agencies such as the Australian Tax Office and State and Federal Police.

3.3.4. We may process your information to allow us to pursue our legitimate interests including:

  • analysing our performance to meet our contractual arrangements with your employer
  • market research, training and to administer our websites
  • the prevention of fraud and other criminal acts
  • undertaking credit checks for finance submissions
  • complying with requests from you including exercising your rights noted in this Privacy Policy
  • the purpose of corporate restructure or reorganisation or sale of our business or assets
  • enforcing our legal rights or in defence of legal proceedings
  • general administration purposes
  • providing you with marketing information about our services
  • keeping you informed of events that we think will be of interest to you

3.4. Will we share your personal data with third parties?

3.4.1. We may at times share your data with companies within our group including: Eziway Leasing Pty Ltd, Eziway Software Solutions Pty Ltd and Eziway Payroll Pty Ltd.

3.4.2. We may disclose your information to third-party service providers for the purpose of providing services to us or directly to you on our behalf. Third-party businesses may include payment card providers and financiers. When we use third-party service providers, we only disclose personal data necessary for them to provide an effective service. We have Service Level Agreements in place with third-party providers that require them to secure your information and not to use it other than in accordance with our instructions.

3.4.3. If we sell all or part of our business to a third party, we may transfer your information to that party to ensure continuity of service or for any of the other purposes noted above.

3.4.4. We may transfer your data to government or other official bodies for the purposes of complying with legal obligations or for the prevention or detection of crime.

3.5. How long do we keep your data?

3.5.1. If you have expressed an interest in using our services or those of our selected partners, but are not packaging with us, we will retain your contact details and related information concerning your enquiry for two years from the date that we last had contact with you.

3.5.2. If you engage our services or those of our selected partners, we are required by law to keep data relating to your packaging account for seven years from the date of the contract.

3.5.3. If you have requested that we do not send you marketing information we will always retain sufficient information to ensure that we comply with your request.

3.5.4. The periods stated in this section may be extended if we are required by law to do so.

4. Transferring your data outside of Australia

4.1. The information that you send to us may be transferred to countries outside Australia. By way of example, this may happen where the servers of our third-party service providers are from time-to-time located in a country outside Australia.

4.2. If we transfer your information outside of Australia in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected. These measures include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients subscribe to international frameworks that aim to ensure adequate data protection. Please contact us if you would like more information about the protections that we put in place.

4.3. If you use our services or those of our selected partners while you are overseas, your information may be transferred outside Australia to provide you with those services.

5. Cookies

5.1. We use Cookies on our website. A cookie is a small text file which is placed onto your computer, or other electronic device, when you visit our website. This enables us to monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of your internet service provider.

5.2. You can set your browser not to accept cookies; however, some of our website features may not function as a result.

5.3. Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

5.4. By using our website, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy - external site and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google - external site.

6. Data security

6.1. We have adopted appropriate technical and organisational measures to protect the personal data we collect from cyber attack, system error or fraud. We adhere to ISO27001 International Standard on how to Manage Information Security.

6.2. All transmitted data is encapsulated in an SSL, SSH or IPSec tunnel using at-rest encryption.

6.3. Privilege separation is used between applications and databases to ensure no data leaks between systems.

6.4. Where possible, all data transmitted outside of the application environment must be sanitised and removed once input into the applications.

7. Links to other websites

7.1. Our website may contain links to and from other websites (e.g. social media sites such as Facebook, Twitter, Instagram, YouTube and LinkedIn). We accept no responsibility for the way in which they process your personal data. We recommend that you check the privacy policy of each website before you submit any personal data to them.

8. Your rights

8.1. Your right to access data

8.1.1. We permit people to access to the personal information we hold on them. You can make a ‘subject access request’ to us and we will provide you with:

  • a description of the data held
  • an explanation of why we are holding it
  • information about who it could be disclosed to, and
  • a copy of the information in an intelligible form

8.1.2. If you would like to make a ‘subject access request’ please make it in writing to our contact email address noted in Section 2.2 and mark it clearly as Subject Access Request.

8.1.3. We will complete your subject access request within five business days.

8.2. Right to stop marketing messages

8.2.1. You may opt out of receiving marketing emails and phone calls from Eziway. We will update your marketing preferences on your personal record within 1 business day of receipt of an email or phone call from you giving this direction. Our contact details are shown in Section 2.2.

8.3. Right to be forgotten

8.3.1. If we hold your personal data, but it is no longer necessary for us to do so for the purposes outlined in this policy, you may request that they be deletes. Our contact details are shown in Section 2.2. Data will be deleted within 5 business days of your request.

8.4. Right to restrict data

8.4.1. If we hold your personal data and you believe it is inaccurate, you have the right to request us to restrict the data until it is verified. Our contact details are shown in Section 2.2. Data will be restricted within 1 business day of your request.

8.5. Right to complain

8.5.1. If you believe that your data security rights as they have been explained to you, have been breached, you can complain to the Office of the Australian Information Commissioner, a Federal Government agency concerned with your rights in these matters.

9. Policy updates

9.1. This policy was last updated on 7 January 2021.