LAST UPDATED: 4 May 2022
Afterpay is committed to respecting the privacy of your Personal Information. We appreciate that individuals are concerned about the security of their Personal Information and we are committed to protecting any Personal Information in our custody or control. Afterpay is subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Afterpay’s retailers (which may include online market places), third party suppliers and commercial partners (together, ‘our Partners’) are independent of Afterpay and may have privacy policies which differ from ours. Our Partners are responsible for their own privacy policies and privacy practices. Please contact our Partners directly for further information on their privacy policies.
Collecting Personal Information
Afterpay strives to be fair and open about the way we collect information about you and what we intend to do with the information.
In addition, if you open an Afterpay account with us or use Afterpay Services, we may collect the following types of information:
-Contact information, such as your name, address (including your geolocation), phone number and email.
-Financial information, such as the full bank account numbers and/or credit or debit card numbers that you link to your Afterpay account or give us when you use Afterpay Services.
-Detailed Personal Information such as your date of birth, drivers license number, or other identification information or documents. We may also obtain information about you from third parties including our Partners and related companies, as well as credit reporting bodies and identity verification services, and publicly or commercially available sources for the purposes of complying with relevant legislation (eg. anti-money laundering laws).
We may also collect your Personal Information if you enter a competition or promotion we run (either directly or through our marketing agents or our Partners).
We may collect Personal Information about our Partners’ staff directly from those staff or from our Partners. The information we collect about our Partners’ staff may include your name, position, contact details and training records.
We may also collect the Personal Information of our suppliers and service providers’ staff during the course of our business activities. This information may include your name, contact details and position. We will collect this information directly from you, or from the applicable supplier or service provider.
We may also collect Personal Information from you about the recipient of third-party supplier gift cards purchased by you through our Websites using the Afterpay Services. This information may include the recipient’s name, email address and phone number. It is your responsibility to ensure that you have that person’s consent to provide us and our third party supplier with this information.
We may also collect and handle sensitive personal information about you, such as your health information, to deliver our products or services. We will only collect this information where it is reasonably necessary and we have your consent, or where it is required by law.
In order to help protect you from fraud and misuse of your Personal Information, we may collect information about your use and interaction with our Websites or Afterpay Services. For example, we may evaluate your computer, mobile phone or other access device to identify any malicious software or activity.
We may also collect additional information from or about you in other ways, such as through contact with our customer support team, suppliers or service providers (whether via mail, email or through telephone enquiries), your responses to a market survey, and from interactions with Afterpay’s Partners or as otherwise notified to you at the time.
We may also collect the Personal Information of visitors to our offices. This information may include your name, contact details and position. We will collect this information directly from you. We may also collect and handle sensitive personal information about you, such as your health information, to comply with workplace health and safety laws. For the safety of our staff and visitors, we use camera surveillance, such as CCTV, to monitor our premises. We will only collect this information where it is reasonably necessary, and we have your consent, or where it is required or authorised by or under Australian law.
Using Personal Information
Afterpay only collects, holds and handles information about you that is necessary for us to perform the services you request from us, that is otherwise reasonably necessary for our business activities or if required by law, court, or tribunal order.
We may use Personal Information we collect about you for a number of purposes including:
-provide (or assess whether to provide) Afterpay Services;
-processing transactions for the delivery of third party goods or services available through our Websites;
-process transactions and send notices about your transactions;
-resolve disputes, collect fees, and troubleshoot problems;
-investigate and prevent potentially prohibited or illegal activities;
-enforce our User Agreement with you;
-learn more about your level of satisfaction, your expectations of us and our Partners, and how we can meet them (for example, in relation to Afterpay Services, and the goods offered by Afterpay’s retailers);
-customise, measure, and improve Afterpay Services and the content, layout, and operation of our Websites;
-deliver targeted marketing, service update notices, and promotional offers based on your communication preferences;
-contact you via telephone, text (SMS) or email messaging, including as authorised by our User Agreement;
-compare information for accuracy and verify it with third parties;
-confirm your identity for the purposes of anti-money laundering and counter-terrorism laws and assess applications and your suitability for Afterpay Services;
-to acquire goods or services from you or from your employer;
-for the purpose of performing data analytics including to improve our and our Partners’ services;
- to monitor our premises to ensure the safety of our staff and visitors; to prevent, detect and investigate suspicious or fraudulent activities; and to investigate health and safety incidents involving our staff and visitors;
-for other purposes to which you have consented; and
-as required or permitted by relevant laws and regulations.
You agree that we may use your Personal Information for the purposes for which we collect it and for related purposes which would be reasonably expected by you.
If all or some of your Personal Information is not collected or cannot be verified, we may be unable to provide you with Afterpay Services or a customised experience, engage with you, or do business with you.
How we share Personal Information with other parties
We may share your Personal Information with:
-Our affiliates and related companies;
-Our Partners and the suppliers and service providers who help with our business operations and services, including in relation to transactions, fraud prevention, identity verification, payment collection, marketing, customer service, and technology services;
-Our retailers and third party suppliers, so that they can provide goods or services to you (or the recipient of third party goods or services) or respond to a complaint by you, or to help them improve the quality and standard of service they provide to you. If you transact with a retailer in another country (including the United Kingdom, Canada, the USA and New Zealand), we will disclose personal information to such locations.
-Financial institutions that we may partner with to jointly create and offer a product;
-Credit reporting bodies/agencies and collection agencies, including to report account information, as permitted by law. When we share your Personal Information with credit reporting bodies we authorise them to use that information for the purposes of providing their identity verification services;
-Banking partners as may be required by credit card association rules for inclusion on their list of terminated merchants;
-Companies that we plan to merge with or be acquired by or who may invest in us;
-Law enforcement, government agencies or officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to Afterpay; when we need to do so to comply with law or credit card rules; or when we believe, in our sole discretion, that the disclosure of Personal Information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate suspected violations of our User Agreement;
-Other third parties with your consent or direction to do so.
Please note that these third parties may be in other countries where the laws on processing Personal Information may be less stringent than in your jurisdiction. When we disclose your Personal Information overseas, we will take all reasonable measures to ensure that your information is held, managed and accessed in accordance with appropriate standards for the handling of Personal Information.
To facilitate our global operations we may share personal information with Afterpay and our affiliates and related companies, including those based in Australia, United States, United Kingdom, Canada, China, and New Zealand, and where we operate in Europe. We are bound by an Intercompany Personal Data Transfer Agreement that contains Standard Contractual Clauses.
In addition, you should note that retailers and third party suppliers that you buy goods or services from or contract with (even if such goods or services are purchased using Afterpay Services) have their own privacy policies, and Afterpay is not responsible for their actions, including their information protection practices.
If you open an Afterpay account directly on a third party website or via a third party application, any information that you enter on that website or application (and not directly on Afterpay’s Websites) will be shared with the owner of the third party website or application. These sites are governed by their own privacy policies and you are encouraged to review their privacy policies before providing them with Personal Information. Afterpay is not responsible for the content or information practices of such third parties.
We may require your consent to use and/or disclose your Personal Information if we need to use your information for a purpose that is not related to the purpose for which it was collected.
If you do not consent to Afterpay collecting, using and/or disclosing your Personal Information for such other purposes, this may affect Afterpay’s ability to deliver and improve our products and services, or to engage or do business with you.
When you provide us with your name, date of birth and residential address in establishing your profile with us, you consent (or, where required, we will seek your further consent) to us disclosing that information to credit reporting bodies/agencies and other external agencies, and requesting an assessment of whether it matches personal information held by the body/agency to assist in verifying your identity, including if required under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. The body/agency may provide us with that assessment and use your personal information, and the names, residential addresses and dates of birth of other individuals, to prepare that assessment. The assessment will not affect your credit score.
If there is a failure to verify your identity in the way described above, we will notify you within the secure Afterpay service or otherwise. In Australia, we use Illion (www.illion.com.au) and/or Equifax (www.equifax.com.au) to provide us with the assessment to assist in verifying your identity.
If you do not want to proceed in this way to verify your identity, you should contact us, as provided below.
Marketing and privacy
Afterpay may send marketing materials from time to time to those who have provided Afterpay with Personal Information about products and services offered by Afterpay and our Partners. We may use your Personal Information to make inferences and present more relevant content, such as your preferred retailers, purchase and spending habits.
If you signed up to receive newsletters or other marketing communications from us, you can opt-out any time by clicking the unsubscribe link at the bottom of the message. You can also log-in to your account to opt-out and update your marketing preferences at any time.
Even after you opt-out or update your marketing preferences, please allow us sufficient time to process your marketing preferences. Unless otherwise required to process your requests earlier by law, it may take up to 5 business days to process your opt out requests in relation to receipt of electronic marketing materials such as emails and SMS, and up to 30 days for all other marketing-related requests.
Even after you’ve opt-out of receiving marketing communications from us, we may still contact you for transactional or informational purposes. These include, for example, customer service issues, returns or product-related inquiries, outstanding payment inquiries, surveys or recalls, or any questions regarding a specific order.
For more information on marketing and the choices you can make, you can also refer to our Marketing Preferences help page.
Controlling Our Tracking Tools
Your browser may give you the ability to control cookies. How you do so, however, depends on your browser and the type of cookie. Certain browsers can be set to reject all browser cookies. If you configure your computer to block all cookies, you may disrupt certain web page features, and limit the functionality we can provide when you visit or use our Websites. If you block or delete cookies, not all of the tracking that we have described in this policy will stop. If you continue without changing your settings, we will assume that you are happy to receive all cookies on this Site. You can change your cookie settings at any time. Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. These browser features are still not uniform, so we are not currently set up to respond to those signals.
Cookies and third party analytical services
For example, Cookies allow us to save your password so you do not have to re-enter it every time you visit our site.
Most web browsers automatically accept Cookies. You can find information specific to your browser under the “help” menu. You are free to decline our Cookies if your browser or browser add-on permits, unless our Cookies are required to prevent fraud or ensure the security of websites we control. However, declining our Cookies may interfere with your use of our Websites and Afterpay Services.
Controlling Online Interest-Based Ads
We sometimes work with online advertising vendors to provide you with relevant and useful ads. This may include ads served on or through our Websites. This may also include ads served on other companies’ websites. These ads may be based on information collected by us or third parties. For example, your postal code may be used to target an ad for people in your area. These ads may also be based on your activities on our Websites or on third party websites.
In addition to Google Analytics, we may also use other third-party analytics tools including but not limited to Amplitude (an analytics service provided by Amplitude Inc.) to monitor, analyse and collect information about your use of the Websites.
For more information about our ad service provider and its cookies, including information about how to opt out of these technologies, you may visit http://optout.aboutads.info In addition, users may prevent Google’s collection of data generated by your use of the Websites (including your IP address) by downloading and installing a Browser Plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
Protecting Personal Information
Afterpay will keep your Personal Information secure by taking reasonable steps to protect it from misuse, loss, and unauthorised access, use, modification, and disclosure.
We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration.
We also review our security procedures periodically to consider appropriate new technology and updated methods. Only properly authorised people who have a need to access Personal Information to perform their job will be able to see or use that information. Even so, despite our reasonable efforts, no security measure is ever perfect or impenetrable.
Accessing and requesting correction of Personal Information
We will strive to ensure that information about you is accurate when we collect or use it. Subject to some exceptions under privacy law, we will let you see the information we hold about you and correct it if it is inaccurate, incomplete or out-of-date. If we do not grant you access to your Personal Information or do not agree to correct your Personal Information we will tell you why.
Unless we do not agree to your request for access to Personal Information, in most cases Afterpay will provide you with access as soon as reasonably possible following receipt of your request. If you request corrections to your Personal Information and Afterpay agrees with your request, these changes will be made as soon as practicable. If Afterpay does not agree to your request for correction, it will notify you of the reasons it does not agree and will note your request on the records it holds about you. If you are dissatisfied with our refusal to provide you with access to, or correct, your Personal Information you may also complain to the applicable regulator in your jurisdiction.
Subject to the terms set out in the Afterpay User Agreement, you can also close your Afterpay account through our Websites. If you close your Afterpay account, we may retain information from your account for a period of time to collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud or risk, enforce our User Agreement, or take other actions as required or permitted by law.
If you have a query or concern regarding the way we collect and handle your personal data, or would like to exercise your rights and choices, you can get in touch here or directly to a privacy specialist at:
Email: [email protected]
Mail: GPO Box 2269, Melbourne, VIC 3001, Australia.