1. WHY THIS PRIVACY STATEMENT?
BidEnergy Ltd (ACN 131 445 335), its affiliates and related bodies corporate (BidEnergy, we, us and our) are committed to protecting your privacy and your personal information. This Privacy Statement informs you of our privacy practices and of how your personal information is protected. You should read it before accessing our digital content.
This Privacy Statement describes how we process and protect the personal information of individuals who use our websites and other digital content as well as in the context of our offline business activities. Personal information includes information or an opinion about an identified individual or an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details
By accessing our digital content, you consent to us collecting, holding, using and disclosing your personal information in accordance with this policy.
2. CHANGES TO THIS PRIVACY STATEMENT
From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our website.
You may obtain a copy of our current policy from our website or by contacting us at the contact details above.
This Privacy Statement was last updated on 05/Sep/2020.
3. WHY DO WE COLLECT AND USE PERSONAL INFORMATION?
We collect, hold and use your personal information for four general purposes. These are to:
- provide you with products and services;
- manage our relationship and communicate with you;
- engage in marketing and advertising activities; and
- run our general business activities.
Our primary goal in collecting information is to provide our customers and other users with superior service and a smooth, efficient and personalised experience while using our digital content.
If you do not provide us with your personal information, we may not be able to provide you with our services, communicate with you or respond to your enquiries.
3.1. Provide you with products and services
We use your personal information to:
- provide you with our products, services and digital content via our website or otherwise;
- communicate with you about the status of your order and for contract management purposes;
- obtain payment from you;
- improve our products, services, digital content as well as your user journey;
- provide third party Australian energy service providers (listed in clause 6), who engage with you through our online competitive bidding platform, with your personal information at your request;
- review energy bills we collect on your behalf through our concierge services;
- input information relating to you and your energy bills into your nominated account operated by Xero Limited at your request; and
- reconcile transactions with our business partners or participating suppliers that supply you products because of our services.
3.2. Manage our relationship and communicate with you
We use your personal information to generally manage our relationship with you and provide you with customer support, including dealing with complaints and enquiries. We may also use your information to:
- contact you, for example, to respond to your queries or complaints, or if we need to tell you something important;
- provide you with the technical support you request from us;
- maintain a record of your correspondence, comments and/or personal information, in a file specific to you, to help us provide you better service in the event you contact us again;
- combine information obtained online and the information we collected about you offline to create a profile of you that we may use for giving you personalised services;
- learn about your browsing and searching activity to improve your user experience for your next visits, help our sites run more efficiently, to gather broad demographic information to analyse the sites’ activity and performance, and to evaluate the effectiveness of our advertising;
- communicate with you about the products, services and digital content you have acquired to ensure you use them in the best way possible, including via emails and newsletters (for instance, location data may be used to suggest sources of products or support near you);
- conduct voluntary surveys and polls to obtain information so we can get to know you better, measure satisfaction and improve our products, services and digital content; and
- manage your account and the programmes you join.
3.3. Engage in marketing and advertising activities
We use your personal information to market and advertise our business and products and services to you. This may include using your information to:
- identify and tell you about other products or services that we think may be of interest to you;
- provide you with contextual and targeted advertising;
- engage various services or organisations to analyse collected data about your interaction with our website, services or other aspects of our business;
- run our promotional programmes and activities which may include collecting personal information from you to administer the programme or activity, to send you relevant emails about the programme and activity, notify winners, and make the winners’ list publicly available in accordance with applicable regulations and laws;
- send you marketing information by mail, fax, phone, text messages, email and electronic communications about promotions, news and new products or services that we think may be of interest to you in compliance with applicable opt-in and opt-out requirements (this can be conducted by us, our subsidiaries or selected third-parties acting on our behalf); and
- provide you, through pop-ups, banners, video, emails and any other advertising format, with certain communications and/or targeted advertising about our products and services (or of our subsidiaries). For instance:
- we may provide you with contextual advertising or other content, based on the content of the visited webpage or other information we have about you, when you navigate through our digital content;
- we may collect information on your use of the digital content and the services to provide you with targeted advertising through emails, or banners/pop-ups or other format when you visit the digital content; and also third-party websites or apps that have no link to our digital content.
3.4. Run our general business activities
We also use your personal information for a range of general business purposes. These include to:
- analyse the activities on our websites.
- ensure the security of our products, services and digital content, of our activities and of others;
- protect against fraud and investigate potential breaches of our security or terms and conditions;
- enable business continuity and disaster recovery;
- support corporate transactions or reorganisations in which we are involved;
- receive, consider and process job applications from candidates;
- to provide to service providers so that they can provide us with services that assist us to run our business and the websites;
- comply with our legal and reporting obligations and assist government and law enforcement agencies or regulators; and
- use your information for any other purpose otherwise conveyed to you.
4. WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT AND HOLD?
We collect personal information about you and your interactions with us for the purposes outlined in clause 4.
The types of personal information we collect and hold about you may include:
- identity and contact related information, such as your name, company, email address, phone number, contact addresses;
- any and all information contained on an energy bill that you or your energy provider may provide us directly or indirectly;
- personal information you give us by using any chatbot service we provide, including your IP address and contact details;
- information you provide us when comparing or obtaining quotes from retail energy providers through our services;
- information you provide us relating to your account with Xero Limited;
- financial related information such as bank account details, credit card information;
- professional related information, such as customer type, job function, job title, purchasing authority and purchasing timeframe;
- your acquisition and use of products, services and digital content provided by BidEnergy or any of our subsidiaries or related parties;
- your preferences such as product and service preferences, contact preferences, marketing preferences;
- your interactions with us such as your queries, orders, claims, survey answers;
- online traffic data such as IP address, device and system identifiers, your BidEnergy user ID and password, log in details, referring website, type of browser used, consulted content and location, based either on your IP address or on information transmitted by your mobile device;
- content that you have provided via online forums or otherwise (see section 6 “Your Content” below); and
- if you are a job candidate, your job interests, criminal and credit history, photos, and educational, professional and employment background.
5. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
In most instances, the personal information we collect and hold is obtained from you or your employer who has a business relationship with us.
We may also obtain information through a reseller or a business partner, by purchasing customer lists from marketing agencies, from your online browsing experience, and from social networks when you connect with these networks. You may obtain more precise information on the third-party source of personal information (if any) by contacting us at the email address indicated in section 10.
6. WHO DO WE SHARE PERSONAL INFORMATION WITH?
We will not sell or rent your personal information to a third party without your permission.
We may transfer, disclose and share personal information with our subsidiaries and related bodies corporate, service providers involved in our activities including retail energy providers and Xero Limited, with advertising and marketing agencies, with social networks if you use their login credentials, with third-party websites if you register with BidEnergy credentials, competent regulatory bodies and authorities and business successors.
We resort to service providers to carry out data processing activities and to provide our products, services and online content to you. These service providers include, without limitation, providers of hosting facilities, information systems, marketing agencies, IT support, security services, financial services, carriers who deliver products, outside accounting firms, lawyers and auditors.
We also share the information as follows:
- In connection with the provision of our online competitive bidding services, we may share your personal information with the following third-party Australian retail energy providers:
- [insert names of retail energy providers];
- [xx]; and
- In connection with the provision of advertising, we may share some limited personal information (e.g. device identifiers, Cookie identifiers) with ad exchanges or agencies that manage advertising on third-party websites and apps on which you may see advertising.
- BidEnergy may disclose your personal information as necessary to potential buyers and successors in title, to facilitate a merger, consolidation, transfer of control or other corporate reorganisation in which BidEnergy participates.
- Where required by law or court orders or in order to protect our legal rights, we will disclose your personal information to government agencies, regulators and competent authorities.
- In other ways described in this Privacy Statement or to which you have otherwise consented.
- In the aggregate with other information in such a way so that your identity cannot reasonably be determined (for example, statistical compilations).
- When we are required or authorised by law to do so.
7. WHAT IS THE SCOPE OF THIS PRIVACY STATEMENT? WHO IS IN CHARGE OF DATA PROCESSING?
This Privacy Statement applies to all of our subsidiaries and digital content, unless a specific privacy statement or privacy notice has been released to supplement it or to replace it. You should check the privacy statements made available to you on all digital content.
BidEnergy is a global company with legal entities, business processes, management organisations, and a system infrastructure that crosses borders. This Privacy Statement applies to all of our data processing activities run by our wholly owned subsidiaries, including product and service offerings and digital content (e.g. websites, applications, tutorials, e-training, newsletters, advertising, communication). However, it may be supplemented by a more specific privacy notice/statement/policy (statement) or even superseded by another statement specific to a particular BidEnergy programme, product, service, content or entity. It is important that you read the statements made available to you for your full information.
The data controllers of the data processing activities are the BidEnergy subsidiaries who have determined the data processing means and purposes. They may vary on a case by case basis. In many instances, the Head Office of BidEnergy, 14 William Street, Melbourne, is the data controller of global data processing activities, including the www.bidenergy.com website.
Any order made by you online is also subject to the terms and conditions provided on the relevant sites. You must read them.
This Privacy Statement does not cover personal information rendered anonymous, that is, if individuals are no longer identifiable or are identifiable only with a disproportionately large expense in time, cost, or labour. If anonymised data becomes identifiable, then this Privacy Statement shall apply.
8. DO WE DISCLOSE PERSONAL INFORMATION TO OVERSEAS RECIPIENTS?
Due to our nature as a global group of companies, we may disclose your personal information to recipients which are located outside Australia.
9. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We are committed to taking commercially reasonable technical, physical, and organisational measures to protect personal information against unauthorised access, unlawful processing, accidental loss or damage, and unauthorised destruction.
We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.
These processes and systems include:
- the use of a secure server to enable you to place orders or access your account information;
- the use of both logins and passwords to determine and authenticate the identity of registered users;
- the use access control measures for our internal systems that hold personal information;
- requiring all employees to comply with internal information security policies and keep information secure;
- requiring all employees to complete training about information security and the handling of personal information; and
- requiring our service providers to maintain security measures similar to ours.
By using our digital content or providing personal information to us, you agree that we may communicate with you electronically or otherwise about related security, privacy, use and administrative issues. In spite of our efforts to implement appropriate security measures, online browsing carries inherent risks and we cannot guarantee that it is risk-free.
10. THIRD-PARTY AND SOCIAL MEDIA WEBSITES
We also provide social media links that enable you to share information with your social networks and to interact with us on various social media sites. Your use of these links may result in the collection or sharing of information about you. We encourage you to review the privacy policies and the privacy settings of the social media sites with which you interact to make sure you understand the information that may be collected, used, and shared by those sites and to adjust these settings as you see fit.
11. WHAT ARE YOUR RIGHTS?
You may access or request correction of the personal information that we hold about you by contacting us by emailing firstname.lastname@example.org.
There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date and complete.
You have the right to object to our marketing communications. Your prior consent is sought when required by applicable law. To opt-out of emails, simply use the functionality provided at the bottom of any email we send you.
Country specific sections may supplement this section.
12. IMPORTANT INFORMATION FOR INDIVIDUALS IN THE EU
If you are located in the EU, BidEnergy also complies with GDPR specific requirements including those relating to legal grounds for processing, cross border data transfers, automated decision making and profiling, data retention, additional rights, claims and DPO contact details.
12.1. What legal grounds is BidEnergy relying on to use personal information?
The use of personal information is necessary, with respect to the purposes mentioned in section 3 above.
12.2. Will personal information be transferred abroad?
BidEnergy being a global Company, the teams working on fulfilling data processing purposes may have global or multi-country roles. They can then be located anywhere in the world where BidEnergy operates, including outside the European Union, in countries which do not have equivalent standards for the protection of personal information as in the country where you are located. We may also transfer data to service providers located outside of the EU, including in the United States of America. In the event that these data transfers cannot claim an adequacy decision by the European Commission, BidEnergy will ensure that they comply with applicable legal requirements, for example, by executing standard contractual clauses or through its Binding Corporate Rules for intragroup transfers as a data controller. To obtain more details on these transfers and, where appropriate, copies of the applicable safeguards put into place, you may contact: email@example.com
12.3. Do we use profiling and make automated decisions about you?
We may use profiling to provide you with online content which we believe corresponds to your interests. We combine registration information, such as your work specialty and information about your online activity (i.e. the content you seem to enjoy most) to know you better and provide you with online content corresponding to your profile.
We will not make automated decisions about you that may significantly affect you, unless:
- the decision is necessary as part of a contract that we have with you;
- we have your explicit consent; or
- we are required by law to use the technology. In this case, due notice will be provided. – The duration of our relationship (e.g. contract performance duration, account de-activation, your legitimate need to be recognized when you contact us) – Legal requirements for keeping data – Statute of limitations
12.4. How long will personal information be retained?
We will retain your personal information for as long as the information is needed for the purposes set forth in this Privacy Statement and for any additional period that may be required or permitted by law. More precise information is provided in privacy notices applicable to specific digital content. In general, data retention periods are determined taking into consideration:
- The duration of our relationship (e.g. contract performance duration, account de-activation, your legitimate need to be recognised when you contact us);
- Legal requirements for keeping data; and
- Statute of limitations.
We keep relevant customers’ data for three years after the end of the contract or the last contact for marketing purposes, and contact data for three years after the last contact for the same purposes.
What are your additional rights?
In addition to the rights provided in section 11 above, you may ask us to erase, restrict or port your personal information and object to the use of your personal information. When data processing is based on your consent, you have the right to withdraw your consent at any time by sending a request to the following email address: firstname.lastname@example.org. For processing necessary to perform the contract, or based on legitimate interest, we may not be able to accommodate your request to stop the processing, or if we do so, it may mean that you can no longer access the services or the online content.
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.
We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.
14. CONTACT DETAILS
If you have any questions, comments, requests or concerns, please contact us by emailing email@example.com or in writing addressed to:
ATTN: Data Protection Officer
15 William Street
Melbourne VIC 3000