We respect your personal information. This Privacy Policy explains how We handle it. It includes how electronic communications apply to you and to Us.
The Policy covers Blossomapp Pty Ltd, ABN 74 644 216 151, NZBN 9429052157431 (referred to as We, Our or Us).
This policy covers the New Zealand Privacy Act 2020 and the Australian Privacy Act 1988, which includes the Australian Privacy Principles.
This Policy may change. We will let you know of any changes to this Policy by posting a notification on our website. Any information collected after an amended privacy statement has been posted on the site will be subject to that amended privacy statement.
What this Policy deals with
• The kinds of personal information that We collect and hold
• How We collect and hold personal information
• The lawful purposes for which We collect, hold, use and disclose personal information
• How you may access personal information that We hold about you and seek the correction of such information
• How to complain about a breach of the New Zealand Privacy Act 2020 and Australian Privacy Act 1988 and how We will deal with such a complaint
• Disclosure of personal information to overseas recipients including the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy.
• Electronic communications between Us and you.
1 - Types of personal information We collect
• We only collect personal information that is reasonably necessary for one or more of Our functions or activities. The types of personal information that We collect and hold about you could include:
◦ Name;
◦ Mailing or street address;
◦ Email address;
◦ Telephone number and other contact details;
◦ Date of birth;
◦ Bank account details;
◦ Details or images of your government issued identification, such as your passport, drivers licence or other forms of ID;
◦ financial details; such as your tax file numbero
◦ and other information We think is necessary.
2 - How We collect and hold personal information
• We must collect personal information only by lawful and fair means. We must collect your personal information from you unless it is unreasonable or impracticable to do so.
• In certain circumstances where it is not possible to collect your information directly, we may collect your personal information from third parties, where you authorise us to do so or where collection from third parties would not prejudice your interests. For example, if We are unable to contact you and We then rely on publicly available information to update your contact details or if, at your request, We exchange information with your legal or financial advisers or other representatives.
• We might collect your information when you fill out a form with us (either in hard copy or via our website), when We speak with you on the telephone, use Our website or face to face. We may also verify your information via electronic means, such as email.
• If We receive personal information that We did not solicit, then within a reasonable period after receiving the information, We must determine whether or not We could have collected the information under the collection of solicited personal information and We may use or disclose the personal information to make this determination.
• Then, if We determine that We could not have collected the personal information and the information is not contained in a Commonwealth record, We must, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified. If however this does not apply in relation to the personal information, the Australian Privacy Principles 5 to 13 apply in relation to the information as if We had collected the information by solicitation.
• We will do all that We can to ensure that the personal information that We collect, use and disclose is accurate, up-to-date, complete and relevant.
• We are required to have safeguards in place that are reasonable in the circumstances to prevent loss, misuse or disclosure of personal information. Where any serious breaches occur, We must notify the Office of the Privacy Commissioner within 72 hours.
• As a financial services provider, we are required by law to store your information for 7 years. We will not typically store information about you for more than 7 years from the time you cease to be a customer, unless required to by law.
3- Notifying you
• When We receive personal information from you directly, We will take reasonable steps to notify you how and why we collected your information, who We may disclose it to and outline how you can access it, seek correction of it or make a complaint.
• Sometimes We collect your personal information from third parties. You may not be aware that We have done so. If We collect information that can be used to identify you, We will take reasonable steps to notify you of that collection.
4- The purposes for which We collect, hold, use and disclose personal information
• When we collect personal information from you, we must take steps that are reasonable in the specific circumstances to ensure that you know why the information is being collected, who will receive it and whether it is compulsory to provide such information, unless not doing so would not prejudice your interests.
• We must only collect personal information where we have a lawful purpose to do so, and where the information is necessary in order to provide our services. The lawful purpose for collection of necessary information may be:
◦ to meet our legal or regulatory obligations for example, We require personal information to verify your identity under the Anti-Money Laundering and Counter-Terrorism Commonwealth law and/or;
◦ to provide our services.
• If We collect and hold your personal information for a primary purpose, We will not use or disclose the information for a secondary purpose unless:
◦ the information is to be used for a purpose that is directly related to the purpose in connection with which the information was obtained;
◦ the information is to be used in a way where the individual concerned would not be identified;
◦ you have consented to the use or disclosure of the information;
◦ the information is publicly available;
◦ the information is necessary to prevent or lessen a threat to the health and safety of the public, or an individual;
◦ you would reasonably expect Us to use or disclose the information for the other purpose and the other purpose is related to the first particular purpose;
◦ the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order;
◦ a permitted general situation exists in relation to the use or disclosure of the information by Us;
◦ We reasonably believe that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body (and, if We use or disclose personal information in accordance with this point, We must make a written note of the use or disclosure).
• If We collect personal information from any of our related bodies corporate, this principle applies as if Our primary purpose for the collection of the information were the primary purpose for any of our related bodies corporate collected the information. This principle does not apply to the use or disclosure by Us of personal information for the purpose of direct marketing or government related identifiers.
• We may generally only disclose personal information for the purpose for which it was originally collected, except for where:
◦ disclosure is one of the purposes for which We obtained the information; or
◦ you authorised the disclosure; or
◦ you will not be identified; or
◦ disclosure is necessary to uphold or enforce the law.
• If We hold personal information about an individual, We must not use or disclose the information for the purpose of direct marketing, unless We collected the information from the individual and the individual would reasonably expect Us to use or disclose the information for that purpose, and We provide a simple means by which the individual may easily request not to receive direct marketing communications from Us and the individual has not made such a request to Us.
• We may also use or disclose personal information about an individual for the purpose of direct marketing if We collected the information from the individual and the individual would reasonably expect Us to use or disclose the information for that purpose and the personal information has been collected from a third party, or from the individual directly but the individual does not have a reasonable expectation that their personal information will be used for the purpose of direct marketing. We provide a simple means by which the individual may easily request not to receive direct marketing communications from Us. In each direct marketing communication with the individual, We include a prominent statement that the individual is made aware of their right to opt out of receiving direct marketing communications from the organisation.
• If you have general enquiry type questions, you can choose to do this anonymously or use a pseudonym. We might not always be able to interact with you this way however as we are often governed by strict regulations that require us to know who We are dealing with. In general, We will not be able to deal with you anonymously or where you are using a pseudonym when it is impracticable or we are required or authorised by law or a court/tribunal order to deal with you personally.
5- How you can access your personal information that We hold and seek the correction of such information
• You have the right to ask for access to your personal information. We will always give you access to your personal information unless there are certain legal reasons why We cannot do so. We do not have to provide you with access to your personal information if:
◦ we believe there is a threat to life or public safety;
◦ there is an unreasonable impact on other individuals;
◦ the request is frivolous;
◦ the information wouldn’t be ordinarily accessible because of legal proceedings;
◦ it would prejudice negotiations with you;
◦ it would be unlawful;
◦ it would jeopardise taking action against serious misconduct by you;
◦ it would be likely to harm the activities of an enforcement body (e.g. the police); or
◦ it would harm the confidentiality of our commercial information.
• You can ask Us to access your personal information that We hold by sending an email to blossom@blossomapp.com. We will give you access to your information in the form you want it where it is reasonable and practical to do so.
• If We cannot provide your information in the way you have requested, We will tell you why in writing. If you have concerns, you can complain by sending us an email to blossom@blossomapp.com.
• You have the right to ask us to correct information We hold about you if you believe it is wrong for example if you think that any of the information We hold is inaccurate, you can change your information through the website, iOS or Android App or request for us to update your information via email to blossom@blossomapp.com.
• If you are worried that We have given incorrect information to others, you can ask us to tell them about the correction. We will correct this if We can or We will notify you if We are unable to change the details.
• We are required to help you ask for the information to be corrected if We cannot correct this for you. Accordingly, We may need to talk to third parties. However, the most efficient way for you to make a correction request is to send it to the organisation which you believe made the mistake.
• If We are able to correct the information, We will notify you within five business days of deciding to do this. We will also notify the relevant third parties as well as any others you notify Us about. If there are any instances where We cannot do this, then We will notify you in writing.
• If We are unable to correct your information, We will explain why in writing within five business days of making this decision. If We cannot resolve this with you internally, you are able to make a complaint via our external dispute resolution scheme, by contacting the Australian Financial Complaints Authority (AFCA) or the Office of the Australian Information Commissioner (OAIC) or Office of New Zealand Privacy Commissioner (OPC).
• If We agree to correct your information, we will do so within 30 days from when you asked us, or a longer period as agreed between Us and you.
• If We are unable to make corrections within a 30 day time frame or the agreed time frame, We must notify you of the delay, the reasons for it and when we expect to resolve the matter, ask you to agree in writing to give us more time and let you know you can make a complain to AFCA or OAIC or OPC.
6 - How you can complain about a breach of the Australian Privacy Act 1988 and New Zealand Privacy Act 2020, or a registered APP code (if any) that binds Us, and how We will deal with such a complaint
The complaints handling process is as follows:
• The individual should make the complaint including as much detail about the issue as possible, in writing to Us:
◦ The Blossom Support Team, Blossomapp Pty Limited Level 27, 25 Bligh Street, Sydney NSW 2000 or to:
• We will investigate the circumstances included in the complaint and respond to you as soon as possible (and within 30 calendar days) regarding Our findings and actions following this investigation.
• After considering this response, if you are not satisfied you may escalate your complaint directly to the Office of New Zealand Privacy Commissioner (OPC) at PO Box 10 094, The Terrace, Wellington 6140, phone 0800 803 909, or fill in an online enquiry form https://www.privacy.org.nz/ or the Office of the Australian Information Commissioner at GPO Box 5288, Sydney NSW 2001, phone 1300 363 992, https://www.oaic.gov.au/. Alternatively, if the complaint relates to a non-privacy matter, or should individuals choose to do so, a complaint may also be lodged with AFCA:
◦ Australian Financial Complaints Authority www.afca.org.au Phone: 1800 931 678
7- Which overseas recipients and countries are We likely to disclose personal information to
• We may need to share some of your information with organisations that are based overseas.
• We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it is not always practicable to know in which country your information may be held.
• When you provide your personal information to us you consent to the disclosure of your information outside of your country of residence, you acknowledge that we cannot guarantee that such organisations will handle your personal information in compliance with New Zealand and Australian laws. We will however ensure that they are subject to privacy laws that provide comparable safeguards to New Zealand and Australian laws.
• Overseas organisations may be required to disclose information We share with them under a foreign law. In those instances, We will not be responsible for that disclosure.
8 - Government Identifiers
• Sometimes We may be required to collect government-related identifiers such as your tax file number. We will not use or disclose this information unless We are authorised or required to do so by law or the use or disclosure of the identifier is reasonably necessary for Us to verify your identity for the purposes of Our business activities or functions.
9 - Electronic communications
• This policy covers electronic communications between you and Us (and our directors, employees and agents) before you become a customer, while you are a customer and for any later correspondence. When you are a customer, We and you are bound by this policy and each may rely on it.
• Electronic communications covers any type of communications (inducing notifications) using electronic means from time to time. Electronic means includes emails, telephone, the Blossom App, website usage and social media channels. The electronic means are generally provided by third parties (such as Facebook).
• We are not responsible for the third party services, even though we use them to communicate with you. You and We use them on an “as-is” basis, with their risks of delays, suspension or failure, disruptions, government control and access and also access by unauthorised persons (other than you and any of Us). Subject to any overriding duties and liability imposed on Us, We are not liable to you or to any other person for failures, breaches, errors and disruptions in third party services used in electronic communications.
• We may give you access to your Account (including allowing messages between Us, transactions and exporting information) by allocating to you a user name and password (whether or not selected by you and also later changed) (Security Information).
◦ You must keep the Security Information confidential. You must not provide, disclose or make available the Security Information to any person. You are responsible for the consequences of any unauthorised disclosure or use of the Security Information arising from you not keeping the Security Information confidential.
◦ You must notify us immediately upon becoming aware of any disclosure of or unauthorised use of the Security Information.
◦ We will rely on all communications from you which have used the Security Information to send it to us. We are not liable for any loss to you caused by Us acting on communications using the Security Information.
• We may suspend, terminate or impose conditions on your use of any kind of electronic communications with Us if we believe it is in your interests, or there is or might be a security breach or We are acting in accordance with Our duties or any part of any of Our policies.
• By using electronic communications, you and We agree not to contest the validity or enforceability of any electronic communications or transactions on the basis of the electronic nature of that communication or transaction.
