GPS provides a range of services to its clients comprising secure currency management and ATM management services. In the course of carrying out its functions and activities in delivering the services, GPS collects, holds, uses and discloses personal information.
We respect your rights to privacy under the Privacy Act 2020 (Act) and the Privacy Principles (PPs) and we comply with all of the requirements in respect of the collection, management and disclosure of your personal information set out in the Act and the PPs.
We may collect the following types of personal information about you:
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
Certain personal information we collect is “sensitive information” such as information about racial or ethnic origin, political opinion, religious beliefs, sexual orientation, information about credit, information about health and safety (including workers compensation claim records and work health and safety investigation records), personnel records, criminal records, employee records, membership of a professional trade organisation or trade union.
We generally only collect sensitive information about you with your consent. However there are certain circumstances where we are authorised to collect and hold sensitive information without the consent of the individual concerned. These include where the collection:
In the course of dealing with customers, suppliers, job applicants and services providers, GPS may collect personal information.
GPS may collect your personal information directly from you unless it is unreasonable or impracticable to do so. GPS may collect personal information from you when you:
We may also collect personal information from third parties including:
If at any time you supply us with personal information about another person (for example, a referee) you should ensure that you are authorised to do so and you must agree to inform that person who we are, that we will use and disclose their personal information and that they may gain access to it should we hold that information.
Where practical and lawful, you can deal with us anonymously or using a pseudonym, if you wish. However, in many instances, if you do not provide us with the personal information described above, some or all of the following may happen:
We collect personal information about you so that we can perform our business activities and functions. We collect, hold, use and disclose your personal information for the following purposes:
You authorise us to disclose necessary information to related companies and to any agents or contractors who provide services to us in connection with the provision of products or services you have sought from us. These parties are prohibited from using your personal information except for the specific purpose for which we supply it to them.
Your access to, use of, linking to the website, downloading information or PDF files on the website (collectively, your Access) is conditional on your acceptance and compliance without alteration of the terms set out in this document, and elsewhere on the website. By continuing to access the website you are agreeing to the terms.
Intellectual Property Rights
You may use this website only for your personal and non-commercial purposes. Except to the extent permitted by relevant copyright legislation, you must not use, copy, modify, transmit, store, publish or distribute the material on this website, or create any other material using material on this website, without obtaining the prior written permission of GPS.
Trade marks (whether registered or unregistered) and logos must not be used or modified in any way without obtaining the prior written consent of GPS.
The website, products, technology and processes contained in this website may be the subject of other intellectual property rights owned by GPS or by third parties. No licence is granted in respect of those intellectual property rights other than as set out in these terms. Your use of this website must not in any way infringe the intellectual property rights of any person.
As our website is linked to the internet, and the internet is inherently insecure, whilst we take reasonable steps to protect any information provided on and through our website, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
Our website/s may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
We may disclose your personal information to the third parties listed below for one or more of the purposes described above, some of whom may be located overseas:
We may combine or share any information that we collect from you with information collected by any of our related bodies corporate (within Australia).
We may send you direct marketing communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Unsolicited Electronic Messages Act 2007 . If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
We may disclose personal information to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above.
We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
We may disclose your personal information to entities located outside of New Zealand, including the following:
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure.
We may hold your information in either electronic or hard copy form. Personal information is stored securely and is subject to restricted staff access, personal logins, IT and security policies, secure archiving and document management controls.
We have a Data Breach Response Plan in place to assist us in responding quickly to suspected data breaches. We also have dedicated internal resources to assist us in managing a “notifiable data breach” under the Act, which occurs where:
and a reasonable person concludes that such access or disclosure, or loss of information would be likely to result in “serious harm” (such as serious physical, psychological, emotional, economic, reputational or financial harm) to any of the individuals to whom the information relates.
If we suspect an eligible data breach has occurred but do not have reasonable grounds to believe there has in fact been a breach, we will carry out a reasonable and expeditious assessment as soon as possible and in any event, within 30 days of suspecting a breach, to determine whether there are reasonable grounds to believe that there has in fact been an eligible data breach.
If we have reasonable grounds to believe that there has been a notifiable data breach, we will, as soon as practicable, provide a statement to the OPC setting out the details of the breach in a form required by the OPC (Notification Statement). If practicable, we will take reasonable steps to notify the contents of the Notification Statement to each individual to whom the relevant information relates, or to each individual who may be at risk of serious harm from the eligible data breach. If neither of these two options are practicable, we will publish a copy of the Notification Statement on our website, and take reasonable steps to publicise the contents of the Notification Statement. In providing the contents of the Notification Statement, we will inform you of our recommendation of steps that individuals can take to protect themselves from such data breach.
We take reasonable steps to destroy or permanently de-identify and archive any personal information when it is no longer needed or when we are no longer required by law to retain it (whichever is the later).
You may request access to any personal information we hold about you at any time by contacting us using the contact information below.
We will need to verify your identity before giving you access. We may charge you a reasonable fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal and details of how you can complain if you are not satisfied with our decision.
We will take reasonable steps to ensure that the information we collect, store, use or disclose about you is accurate, complete and up-to-date, and relevant for any purpose for which it is used or disclosed. However, if you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may ask us to update or correct it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.
If you believe that your privacy has been breached, or if you have any questions about your privacy, please contact us using the contact information below and provide details of the incident so that we can investigate it. We will treat your complaint confidentially, investigate your complaint and aim to ensure that we contact you and your complaint is resolved within a reasonable time (and in any event within the time required by the Act, if applicable).
You can contact our Privacy Officer via:
DCA Privacy Officer
L6, 30 Convention Centre Place
Tel +61 3 9320 9000