Online Payment Privacy Statement - Replacement of Results service (Xilo.Com)

The VCAA Replacement of Results service uses the e-commerce service provider Xilo.com (www.xilo.com). The following is the Privacy Statement that applies to this service:

National Privacy Principles

The Privacy Amendment (Private Sector) Act 2000 has been in force since 21 December 2001, and they impose rigorous National Privacy Principles (NPPs) under which most businesses must operate.

This page briefly explains the 10 NPPs and what steps Xilo Online has taken to comply with the spirit as well as the letter of the new legislation. Our services handle financial transactions on behalf of our clients, and it is important that you understand what we are doing to protect your privacy and the privacy of your customers.

(1) COLLECTION

COLLECTION OF PERSONAL INFORMATION IS ONLY ALLOWED IF IT IS NECESSARY FOR THE FUNCTION OR ACTIVITY OF THE ORGANIZATION.

ORGANISATIONS MUST EXPLAIN THEIR INFORMATION PRACTICES TO INDIVIDUALS AT THE TIME WHEN THEY COLLECT THEIR PERSONAL INFORMATION.

Xilo Online requires you to supply only the minimum information needed to provide the service to you, for example contact information and merchant account information. We do not collect information that is not relevant to this central purpose, for example demographic or marketing information.

For the processing of financial transactions we only require information from your customers such as name and credit card details, which are required by the financial institutions, and email address for sending a receipt.

(2) USE AND DISCLOSURE

PERSONAL INFORMATION SHOULD NOT BE USED OR DISCLOSED FOR THE PURPOSE OTHER THAN FOR WHICH IT IS COLLECTED WITHOUT THE CONSENT OF THE INDIVIDUAL CONCERNED.

Any information provided by you to Xilo Online is used solely for the purpose of service provision to you. We do not disclose your information to any other party except where the other party is a part of the service provision chain, such as the payment gateway provider and the banks.

Information collected about your customers and disclosed to you through our system is to help you provide service to your customers. We urge you to take similar steps to protect the privacy of this customer information.

(3) DATA QUALITY

ORGANISATIONS MUST TAKE REASONABLE STEPS TO ENSURE THAT PERSONAL INFORMATION COLLECTED USED OR DISCLOSED BY THEM IS ACCURATE, COMPLETE AND UP TO DATE.

It is absolutely essential that your information is accurate, complete and up to date for the proper functioning of our system. Therefore we have provided you with the full ability to view and make amendments to your information at any time.

In this way, the quality of your data is completely in your hands.

(4) DATA SECURITY

ORGANISATIONS MUST TAKE REASONABLE STEPS TO PROTECT PERSONAL INFORMATION THEY HOLD, AND MUST NOT HOLD DATA LONGER THAN IT NEEDS.

Xilo Online is fully cognisant of the sensitive nature of the financial data in our database. We have taken a number of different measures to safeguard the confidentiality and integrity of the data. These include physical, electronic and procedural security.

(5) OPENNESS

ORGANISATIONS MUST CLEARLY EXPRESS AND MAKE AVAILABLE THEIR POLICIES ABOUT HOW THEY COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION.

This message is our first step in explaining our privacy policies to you. We will shortly be providing a more detailed statement on our website at www.xilo.com.

(6) ACCESS AND CORRECTION

ORGANISATIONS MUST PROVIDE INDIVIDUALS WITH ACCESS TO INFORMATION ON REQUEST AND THE RIGHT TO HAVE THAT INFORMATION CORRECTED IF IT IS NOT ACCURATE, COMPLETE AND UP-TO-DATE.

Your information held by Xilo Online may be viewed and changed at any time.

(7) IDENTIFIERS

AN ORGANISATION MUST NOT ADOPT AS ITS OWN IDENTIFIER OF AN INDIVIDUAL AN IDENTIFIER OF THE INDIVIDUAL THAT HAS BEEN ASSIGNED BY:

(I) AN AGENCY (INCLUDES COMPANY AND GOVERNMENT DEPARTMENT); OR (II) AN AGENT OF AN AGENCY ACTING IN ITS CAPACITY AS AGENT; OR (III) A CONTRACTED SERVICE PROVIDER FOR A COMMONWEALTH CONTRACT ACTING IN ITS CAPACITY AS CONTRACTED SERVICE PROVIDER FOR THAT CONTRACT.

Xilo Online does not use third-party identifiers. We assign our own identifiers for our clients and, in most cases, this identifier is selected by the client.

(8) ANONYMITY

WHERE LAWFUL AND PRACTICAL, INDIVIDUALS MUST BE GIVEN THE OPTION OF REMAINING ANONYMOUS WHEN ENTERING INTO A TRANSACTION WITH AN ORGANISATION. HOWEVER, IT IS NOT REQUIRED TO PROVIDE THIS OPTION WHERE IT IS IMPRACTICABLE TO DO SO.

For the purpose of financial transactions, it is neither lawful, practical or indeed possible to provide the service on an anonymous basis.

(9) TRANSBORDER DATA FLOW

AN ORGANISATION IN AUSTRALIA MAY TRANSFER PERSONAL INFORMATION ABOUT AN INDIVIDUAL TO SOMEONE WHO IS IN A FOREIGN COUNTRY ONLY IF:

(I) THE ORGANISATION REASONABLY BELIEVES THAT THE RECIPIENT OF THE INFORMATION IS SUBJECT TO A RULE OF LAW THAT EFFECTIVELY UPHOLDS PRINCIPLES FOR FAIR HANDLING OF THE INFORMATION THAT ARE SUBSTANTIALLY SIMILAR TO THE NPPS; OR (II) THE INDIVIDUAL CONSENTS TO THE TRANSFER, OR BROADLY SPEAKING, THE TRANSFER IS FOR THE BENEFIT OF THE INDIVIDUAL.

Xilo Online does not transfer your information to any other party, whether within or outside Australia.

Xilo Online does not collect any such sensitive information about our clients or their customers.

(10) SENSITIVE INFORMATION

ORGANISATIONS MUST NOT COLLECT SENSITIVE INFORMATION ABOUT INDIVIDUALS UNLESS THE INDIVIDUAL CONSENTS, OR IF THE ORGANISATION IS REQUIRED TO DO SO BY LAW.

SENSITIVE INFORMATION INCLUDES:

(I) INFORMATION OR AN OPINION ABOUT AN INDIVIDUAL'S:

· RACIAL OR ETHNIC ORIGIN;

· POLITICAL OPINIONS;

· MEMBERSHIP OF A POLITICAL ASSOCIATION;

· RELIGIOUS BELIEFS OR AFFILIATIONS;

· PHILOSOPHICAL BELIEFS;

· MEMBERSHIP OF A PROFESSIONAL OR TRADE ASSOCIATION;

· MEMBERSHIP OF A TRADE UNION;

· SEXUAL PREFERENCES OR PRACTICES; OR

· CRIMINAL RECORD;

(II) HEALTH INFORMATION ABOUT AN INDIVIDUAL.

Xilo Online does not collect any such sensitive information about our clients or their customers.