Privacy and Reporting Policy
Privacy & Credit Reporting Policy
WHO ARE WE AND HOW DOES THIS POLICY APPLY?
This policy applies to Ampol Limited (ACN 004 201 307) and its related bodies corporate (collectively referred to in this policy as "Ampol", “we” or “us”).
WHAT IS THE PURPOSE OF THIS POLICY?
Your privacy is important to Ampol and we are committed to handing your personal information in accordance with the applicable legislation and this policy.
This policy outlines how Ampol manages the personal information and credit-related personal information that we hold about our customers, potential customers, employees, suppliers and others. Ampol is bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) ("Privacy Act") and the applicable parts of the credit reporting requirements in Part IIIA of the Privacy Actand the Privacy (Credit Reporting) Code 2014.
Under the Privacy Act, and throughout this policy, "personal information" means information or an opinion relating to an identified individual, or an individual who is reasonably identifiable. In this policy, where we refer to "you" or "your", we are referring to natural persons as opposed to entities such as companies, partnerships or trusts.
This document is divided in to three parts:
Part I of this policy details Ampol’s management of personal information generally.
Part II of this policy provides specific details about how Ampol manages credit-related personal information.
Part III of this policy sets out how Ampol protects personal information and credit-related personal information, and how you may seek access to, or correction of, or make a complaint about, that information.
PART I - MANAGEMENT OF PERSONAL INFORMATION
HOW DOES AMPOL COLLECT PERSONAL INFORMATION?
The main way in which Ampol collects personal information is directly from you, including through completion of paper-based or electronic forms, in face-to-face meetings, during telephone calls made to the Ampol call centre andthrough security video surveillance at our sites. Ampol may also collect personal information through your use of Ampol's mobile application (“Ampol App”) and Ampol's website.
In addition, Ampol may collect personal information about you from third parties. This may happen without your direct involvement. For instance, we may collect your personal information from:
- publicly available sources of information, such as public registers and social media platforms
- your representatives (including your legal adviser, executor, or administrator)
- your employer
- other organisations, who, jointly with Ampol, provide products or services to you
- operators of Ampol outlets
- recruitment agencies
- commercial information service providers, such as companies that provide various background checks and fraud prevention reports
- other third parties, such as those that assist Ampol with its marketing activities.
WHAT INFORMATION DOES AMPOL COLLECT AND HOLD AND WHY?
The types of personal information Ampol may collect about you is dependent upon your relationship with us.
Below are some examples of the types of personal information that Ampol may collect as well as reasons why we may collect such information.
Ampol collects personal information of our customers and potential customers for the primary purposes of supplying our products and services, supporting our related business activities and responding to your queries.
- contact details of our customers, including name, address, telephone number and email address; and
- financial information of our customers necessary to process payments, such as bank account details, or credit, debit or prepaid card details.
We may also collect the following additional personal information about our customers and potential customers:
- If Ampol needs to verify a customer’s identity or conduct credit checks, it will collect additional personal information from the customer to enable it to do so, such as date of birth and driver’s licence details.
- If you are an Ampol App customer, then Ampol will also collect such information as:
- details of purchases made through the Ampol App
- location data for the purchases
- data regarding your usage of the Ampol App.
- If you apply for an AmpolCard and provide it to another driver for their use, Ampol may collect that driver’s name and vehicle details.
(b) Job candidates
Ampol may collect the following personal information about job candidates to facilitate our recruitment processes and pre-employment relationship with them:
- contact details, such as name, address telephone number and email address
- other personal information included in resumes, such as academic qualifications, employment history, and referee details
- licenses, memberships or certifications by professional organisations (such as legal, accounting, engineering) and other similar information that evidences your qualification and/or ability to perform the requirements of the role
- details of identification documents, such as your passport, for the purpose of conducting pre-employment background checks
- photographs and videos
- results of psychometric or aptitude testing and of pre-employment medical, working rights, criminal record and other background checks.
(c) Employees and individual contractors
In addition to the personal information collected by Ampol in connection with its recruitment activities, other personal information that may be collected by Ampol about its employees and contractors to support a variety of its business and workforce related functions, and to comply with applicable laws, includes:
- date of birth
- bank account details
- tax file number
- limited health and medical information
- work performance information
- trade union membership details, where requested by you for subscription deduction
- contact details of your nominated emergency contact.
In order to facilitate the acquisition of products and services supporting Ampol’s business activities and to ensure that our suppliers are of good character and have the necessary skills, Ampol may collect the following personal information about its suppliers and service providers:
- contact details, such as name, address, telephone number and email address
- financial details for payment, such as bank account details
- other personal information of employees of the suppliers that may be required to enable Ampol to run necessary background checks or to confirm qualifications. This may include details of identification documents and licences, memberships or certifications.
(e) Franchisees, other operators of Ampol sites and distributors of our products and services
Ampol collects a range of personal information about directors, shareholders, partners, trustees or principals of the businesses that enter into various types of distribution and similar arrangements with Ampol to support Ampol’s commercial activities related to business-to-business and distribution initiatives. This may include the following categories of personal information:
- contact details, such as name, address, telephone number, email address
- financial details, including bank account details for payment, and details of personal assets and liabilities
- results of background checks that Ampol may need to run, such as:
- good character and criminal background checks, which may include national police checks; anti-money laundering/counter terrorism financing rules global screening checks; and criminal watch list checks
- credit file authentication checks
- public record checks
- bankruptcy records checks (including at an international level)
- land titles checks
- civil litigation checks
- information confirming identity, including certified 100 points of ID
- information regarding entitlement to work in Australia.
Ampol Limited’s securities are traded on the Australian Stock Exchange and Ampol collects personal information about its shareholders, such as:
- contact details for share register purposes, including name, address and email address
- financial details, including tax file number and bank account details.
(g) Potential customers and others
If you contact Ampol’s call centre, we may collect personal information from you to assist you with your query or to process your complaint. While you can contact us anonymously, if you do so, we may not be able to assist you.
Some of the other reasons why we may collect your personal information include:
- to contact you about our products and services (for further information about Ampol’s direct marketing activities, refer to the relevant section below). For example, if you participate in a competition or a contest run by Ampol, we will collect your contact details. We may use those details to market our products and services to you;
- to conduct market research and data analytics to better understand your needs, improve our product and services offering and to effectively manage risks;
- to allow us to perform various administrative and operational functions in our business; and
- to detect fraud and to comply with our legal and regulatory obligations.
DOES AMPOL COLLECT SENSITIVE INFORMATION?
Sensitive information is a special category of personal information, such as health information, criminal record information, or information about your trade union memberships, race, sexual orientation or religious beliefs. As you can see from the above section, Ampol may collect some sensitive information about you in certain circumstances. However, Ampol will only collect such information with your prior consent, unless we are permitted or required by law to do so without your consent.
WHAT PURPOSES DOES AMPOL USE AND DISCLOSE PERSONAL INFORMATION FOR?
Subject to the exceptions set out in the Privacy Act (for example, the disclosure of personal information when required by law), Ampol will only use and/or disclose your personal information for:
- the primary purpose for which it is collected;
- a related purpose, where you would reasonably expect that it would be used and/or disclosed without your further consent;
- other purposes, where you have consented to the relevant use or disclosure.
Generally, Ampol will only disclose your personal information internally, within the group of Ampol companies, and/or to a third parties for one of the purposes referred to above.
The third parties that Ampol may disclose your personal information vary depending on the particular circumstances in each case, but typically involve service providers that assist Ampol to run its business and fall into the following categories:
(a) In a recruitment and employment context:
- recruitment agencies and platform providers: to assist Ampol with recruitment activities, including for pre-employment and ongoing background screening where required in the role
- superannuation funds: in connection with payment of superannuation contributions
- payroll administration services providers: to process payment of wages and other employment-related entitlements to you
- insurers and their agents: to enable insurers to process employee disability and death claims as well as workers compensation claims
- medical specialists or allied health professionals: including to determine fitness for work and to discharge Ampol’s work health and safety obligations
- other technology service providers: that provide and support Ampol’s employment-related systems and platforms.
(b) Generally, in a commercial context:
- third party service providers:
- companies that assist with Ampol’s marketing activities, competitions and promotions, which may include Meta (previously known as Facebook) and Google
- technology service providers that assist Ampol with various business activities and functions, including ensuring the security of Ampol's computer network, mobile applications and payment processing is maintained
- professional advisors, auditors and insurers
- billing and mailing houses
- logistics providers
- merchant facility providers
- loyalty card program operators and partners: for example, roadside assistance services providers
- credit reporting agencies: please refer to the relevant section below for further detail
- debt collection and recovery agencies: that help Ampol to recover overdue payments
We may also disclose your personal information to comply with legislative and regulatory requirements or in connection with law enforcement activities, for example, to assist police investigations.
WILL AMPOL SEND YOU MARKETING MATERIAL AND WHAT CAN YOU DO TO STOP THAT?
We may use personal information of our customers or prospective customers for the purpose of marketing by Ampol of our products or services by various means, including mail, email, SMS, through social media and targeted advertising or by other electronic means. We may also contact you about products and services offered by our partners. In our marketing activities, we will comply with the applicable privacy legislation, including the Australian Privacy Principles, including by obtaining your consent as may be required.
If you wish to opt-out from receiving marketing material from Ampol, you can contact the Privacy Compliance Officer (contact details below). If direct marketing is by electronic means, such as email or SMS, you can also use the unsubscribe facilities provided in the relevant messages to opt-out. Ampol will not charge you or in any way disadvantage you if you choose to opt out of receiving marketing material.
If you opt out of receiving marketing material from Ampol, we will still send you service-related operational information and may contact you if we are required to do so by law.
DOES AMPOL SEND YOUR PERSONAL INFORMATION OVERSEAS?
Ampol may disclose information about you to entities or individuals located in the countries other than the country where personal information was collected. Ampol may disclose your personal information to the following overseas recipients:
- other members of Ampol Group that are not located in Australia (including those members located in Singapore, New Zealand and the USA);
- other companies or individuals who assist us in providing services or who perform functions on their behalf (such as third party service providers and professional advisers), including those located in the United Kingdom, New Zealand, USA, Singapore, Philippines and India;
- anyone else to whom you authorise us to disclose it; and
- as may be otherwise authorised or required by law.
PART II - MANAGEMENT OF CREDIT REPORTING INFORMATION
WHAT CREDIT-RELATED PERSONAL INFORMATION DOES AMPOL COLLECT AND HOLD?
Ampol collects and holds credit-related personal information in connection with applications for credit, which are predominantly applications for commercial credit for business purposes.
In this policy, credit-related personal information includes:
- credit eligibility information, being the information that Equifax, the credit reporting body used by Ampol, provides to us. This may include a corporate and director credit score, to enable us to assess a customer’s overall credit worthiness;
- information that Ampol, as a credit provider, derives from credit reporting information disclosed to us by Equifax, such as internal credit risk rating; and
- other credit-related information that Ampol may collect and hold, such as:
- identity particulars of individuals associated with the applicant for credit, including contact name, address, date of birth, phone numbers, employer and drivers licence number. This information is mainly collected about the directors, shareholders, partners, trustees or principals of the business, but some personal information may also be collected about others in that business (such as the account management staff or a guarantor, where deemed necessary by Ampol);
- financial information relating to directors, shareholders, partners, trustees or sole traders, and any person who acts, or proposes to act, as a guarantor;
- historical insolvency information of directors, shareholders, partners, trustees, sole traders or managers associated with a business applying for credit;
- consumer credit information of directors, partners, trustees or sole traders, anyone acting or proposing to act as a guarantor, or any individual applying for credit. This information is obtained from credit reporting bodies where Ampol believes it is necessary to assess the credit worthiness of individuals associated with the applicant for credit, including guarantors;
- a record that we have made a request with a credit reporting body for credit related information; and
- where an application for commercial credit is made by a sole trader or an application for consumer credit is made by an individual, and we have made a request with a credit reporting body in connection with such an application, the type and amount of credit that has been applied for.
WHAT DOES AMPOL USE CREDIT-RELATED PERSONAL INFORMATION FOR?
Personal information provided to Ampol in connection with an application for credit is principally used to assess that application and for the ongoing management of a credit account in the name of the applicant (if the application is successful), and otherwise as permitted by law. This may involve one or more of the following:
- assessing the credit worthiness of the applicant, or individuals associated with the applicant (in the case of a business applying for commercial credit) where that is deemed necessary by Ampol, including obtaining both consumer and commercial credit reports from credit reporting bodies;
- disclosing personal information to credit reporting bodies before, during or after the granting of credit to the applicant, including but not limited to identity particulars (as outlined above), payment defaults of individuals and serious credit infringements;
- obtaining and verifying personal information from a motor vehicle or land title registry or from a business that provides credit worthiness information;
- providing to or exchanging personal information with any person whose name is given to Ampol in connection with an application for credit;
- providing personal information to debt collection and recovery agencies and lawyers in connection with debt collection activities;
- exchanging personal information with another credit provider who is named in an application for credit or in a credit report issued by a credit reporting body, or a credit provider who proposes to provide credit to an applicant, principally for (but not limited to) the following purposes:
- assessing the applicant’s credit worthiness;
- assisting the applicant to avoid defaulting in their credit obligations;
- assessing the applicant’s position if they fall into arrears;
- notifying other credit providers of the applicant’s default;
- exchanging information about the applicant’s credit obligations with other credit providers; and
- administering the applicant’s credit facility.
WHO IS CREDIT-RELATED PERSONAL INFORMATION DISCLOSED TO?
Ampol discloses credit-related personal information to third parties in the circumstances and for the purposes described in the section above, including to the following credit reporting body Ampol uses:
(formerly known as Veda Advantage)
Phone: 13 8332
To obtain a copy of your credit file held by Equifax, or to view a copy of Equifax’ policy about the management of credit-related personal information, please visit www.mycreditfile.com.au.
As noted above, Ampol may disclose your personal information overseas, which at times may include your credit-related information.
SOME OF YOUR RIGHTS IN RELATION TO CREDIT REPORTING BODIES
- Opting out of pre-screening: Under the Privacy Act, a credit reporting body may use your credit-related personal information to assist a credit provider to market to you by pre-screening you for direct marketing by the credit provider. You have a right to request a credit reporting body to exclude you from such a direct marketing pre-screening by contacting that credit reporting body.
- Suspicion of fraud: If you reasonably believe you have been, or are likely to be, a victim of fraud (including identity fraud), you have a right to request a credit reporting body not to use or disclose any credit-related personal information held by that body about you for a minimum of 21 days (referred to as a "ban period"). Ampol reserves the right to delay or refuse any application for credit where it reasonably believes it requires credit-related personal information about an individual, but is unable to obtain such information because a ban period is in effect for that individual.
PART III - PROTECTION, ACCESS, CORRECTION AND COMPLAINTS
In this Part III, the term 'personal information' includes credit-related personal information.
HOW DOES AMPOL HOLD AND PROTECT PERSONAL INFORMATION?
Ampol stores personal information in a range of paper-based and electronic forms.
(a) Paper security - where personal information is stored in physical form, Ampol may use a variety of mechanisms to protect the security and integrity of such information, which might include:
- locking personal information in cabinets and only giving access to those employees who have a need to use it
- using other access control measures such as keyed access, security alarms and surveillance cameras to deter and detect unauthorised access.
(b) Computer and network security - Ampol adopts a number of security measures to protect information from unauthorised access to its computer systems which include:
- access control for authorised users such as user names and passwords
- limiting access to shared network drives to authorised staff
- virus checking
- specialised IT support to deal with security risks.
(c) Communications security - transmission of personal information may involve insecure telecommunications lines. Security of such transmissions is enhanced by:
- PIN numbers and passwords required for some telephone and internet transmissions
- identity checking before disclosing any personal information
- encryption of data for high-risk transmissions.
Personal information in Ampol's possession may be retained in archival storage. Generally, Ampol will securely destroy or de-identify personal information after a period of seven (7) years following its collection or following an employee's separation from Ampol unless it is required, or may be required, to be kept for a longer period because of the purpose(s) for which it was originally collected.
HOW CAN YOU ACCESS YOUR PERSONAL INFORMATION?
If you want to access your personal information held by Ampol, please put your request in writing and clearly identify the personal information you seek access to. This is important to ensure that the information can be retrieved quickly and cost effectively. All requests for access must be addressed to Ampol’s Privacy Compliance Officer (see contact details below).
Depending on the circumstances, Ampol reserves the right to charge you a reasonable administrative fee in connection with your request to access personal information.
For example, Ampol's reasonable administrative costs might include:
- reasonable staff costs in locating and collating the information;
- reasonable reproduction or photocopying costs; and
- reasonable costs involved in having someone explain the information to you.
If a fee is charged for providing access, you will be advised of the likely cost in advance.
In some instances, Ampol may not release the personal information. For example, if the information reveals the details of a commercially sensitive decision-making process, then Ampol may decide to give you an explanation of the commercially-sensitive decision rather than direct access to the information.
WHAT IF YOUR PERSONAL INFORMATION IS INACCURATE?
Ampol will take reasonable steps to correct personal information that is inaccurate. You should contact Ampol if your personal information changes. If Ampol believes it is inappropriate to delete or alter the original information, it will discuss with you alternative ways of correcting the information that satisfies the needs of both parties.
Where a request to correct personal information relates to credit-related information, Ampol will notify the individual of its decision as to whether it agrees to correct that information in writing. Where Ampol does not agree to amend credit-related personal information held about you, Ampol will provide you with reasons for its decision and details of how you may make a complaint about Ampol's decision.
HOW DO YOU MAKE A COMPLAINT?
If you wish to make a complaint to Ampol about a possible breach of privacy, including about Ampol’s handling of your credit-related information, please provide full details of your complaint to us in writing (see contact details below).
If you are not happy with how Ampol has handled your complaint, you may then contact the Office of the Australian Information Commissioner here.
If your complaint specifically concerns credit-related personal information and you believe Ampol has not complied with its obligations under the Privacy Act or the Credit Reporting Code of Conduct in connection with its handling of such information, Ampol will acknowledge your complaint within 7 days of receiving it, and aim to investigate and resolve complaints within 30 days. If that is not possible, we will seek to agree a longer period with you. Ampol will notify you of the outcome of its investigation in writing, including details of how you make a complaint if you are not satisfied with Ampol's decision.
HOW WILL CHANGES TO THIS POLICY BE NOTIFIED?
HOW TO CONTACT US?
If you would like more information concerning Ampol's approach to privacy or have any concerns above how Ampol handles your personal information you can contact Ampol’s Privacy Compliance Officers using the following contact details:
By post: The Privacy Compliance Officer
29-33 Bourke Road
Alexandria NSW 2015
Online: at https://www.ampol.com.au/get-in-touch – using our secure enquiry form
Updated: 6 December 2021