Ria Financial Services Australia Pty Limited
1 Collecting personal information
Personal information means information or an opinion relating to an individual, which can be used to identify that individual. The types of personal information we collect includes contact details such as full name, date of birth, country of birth, occupation, complete residential address, email, phone number, type of government issued photo identification (ID), ID number, ID expiry date, and mailing address. If it is reasonable and practical to do so, we will collect personal information directly from you. This will include contact details and other information relevant to providing services to you. This may take place in a number of ways, such as when you purchase our services.
We generally collect your personal information by the following methods:
- from applications and/or forms you complete online when you wish to use our services;
- from applications and/or forms you complete in person when you wish to use our services; or
- from information disclosed to us by you on the phone, or by sending us correspondence (including letters, faxes and emails) or by visiting us in person (including the location of any third party duly appointed by us as our agent for purposes of providing our services to the public).
We may also collect personal information from third parties such as your representatives or publically available sources of information. All personal information that we or our related bodies corporate collect, is reasonably necessary for the purposes relating to providing our services to you.
If someone other than you provides us with personal information about you that we did not ask for (unsolicited personal information), and we determine that we could have collected this information from you had we asked for it, we will notify you, as soon as practicable. Our employees are required to notify Ria’s Disputes Resolution Manager of all unsolicited personal information that they receive. We destroy all unsolicited personal information, unless the information is relevant to our purposes for collecting personal information.
Sensitive information is personal information that includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, and also includes health information. We will not collect any sensitive information from you, unless:
- you have given express consent to us to do so and the information is reasonably necessary for us to carry out our functions or activities;
- the use of this information is required or authorised under Australian law or a court or tribunal order; or
- the information is necessary for the establishment, exercise or defense of a legal claim.
We will not collect personal information unless the information is reasonably necessary for or directly related to one, or more of our functions or activities. If we are unable to collect personal information we reasonably require, we may not be able to do business with you or the organisation with which you are connected.
We do not give you the option of dealing with us anonymously, or under a pseudonym. This is because it is impractical, and in some circumstances illegal, for Ria to deal with individuals who are not identified.
We collect personal information from the Site when we receive emails and online forms. When you visit the Site the server may attach a "cookie" to your computer's memory. A “cookie” assists us to store information on how visitors to the Site use it and the pages that may be of most interest to the users of this Site. This information may be used to provide users of your computer with information that we think may interest the users of your computer. However, this information is not linked to any personal information you may provide and cannot be used to identify you. If you choose, you should be able to configure your computer so that it disables “cookies” or does not accept them.
3 Use and disclosure of information
Ria may use your personal information for the primary purposes of:
- providing you with our services, including without limitation status updates on pending transactions;
- meeting our AML/CTF requirements;
- completion of documentation and forms;
- to consider and assess your request for a product or service;
- to provide you with information about a product or service and invite you to marketing events;
- to protect our business and other clients from fraudulent or unlawful activity;
- to conduct our business and perform other management and administration tasks;
- to consider any concerns or complaints an individual may have;
- to manage any legal actions involving Ria;
- to comply with relevant laws, regulations and other legal obligations;
- to help us improve the products and services offered to our clients, and to enhance our overall business;
- for reasonably expected secondary purposes which are related to the primary purposes, and in other circumstances authorised by the Privacy Act.
Ria may also use your information for other purposes, such as providing you with details regarding new developments, products, services and special offers that may be of interest to you. We may use any email address or other personal information you provide to us at any time for this purpose.
We use and disclose personal information for the purposes outlined in clause 3 above. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or where certain other limited circumstances apply (e.g. if required by law).
We engage other people to perform services for us, which may involve that person handling personal information we hold. In these situations, we prohibit that person from using personal information about you except for the specific purpose for which we supply it. We prohibit that person from using your information for the purposes of direct marketing their products or services.
In relation to sensitive information held by us, wherever possible, Ria will attempt to de-identify the information. We also undertake to take reasonable steps to delete all personal information about you when it is no longer needed.
4 Who might we disclose personal information to?
We may disclose personal information to:
- a related entity of Ria, as described below;
- an agent, contractor or service provider we engage to carry out our functions and activities, such as our lawyers, accountants, debt collectors or other advisors;
- organisations involved in a transfer or sale of all or part of our assets or business;
- organisations involved in managing payments, including payment merchants and other financial institutions such as banks;
- regulatory bodies, government agencies, law enforcement bodies and courts; and
- anyone else to whom the individual authorises us to disclose it or is required by law.
We may also collect personal information from these organisations and individuals, and will deal with that information in accordance with this Policy.
We disclose information to AUSTRAC, law enforcement agencies, and other government agencies as required by law.
We may provide certain information about you including your personal information to our related bodies corporate.
We provide information to our related companies overseas when it is reasonably necessary to fulfil our obligations to you or provide you a service. These companies include:
CES (Continental Exchange Solutions, Inc.) USA
RFSNZ (Ria Financial Services New Zealand Ltd.) New Zealand
Euronet Services India Pvt. Ltd. India
RIA de Centroamérica S.A. de C.V. El Salvador
RIA Payment Institution EP, SAU Spain
5 Direct marketing
We may use personal information about you for the primary purpose of providing you with our services, and for other purposes for which you would reasonably expect us to use that information.
Ria does not use personal information for the purposes of direct marketing, unless:
- the personal information does not include sensitive information; and
- you would reasonably expect us to use or disclose the information for the purpose of direct marketing; and
- we provide a simple way of opting out of direct marketing; and
- you have not requested to opt out of receiving direct marketing from us.
If we collect personal information about you from a third party, we will only use that information for the purposes of direct marketing if you have consented (or it is impracticable to obtain your consent), and we will provide a simple means by which you can easily request not to receive direct marketing communications from us. We will draw your attention to the fact you may make such a request in our direct marketing communications.
In relation to sensitive information, we may only use or disclose sensitive information about an individual for the purpose of direct marketing if you have consented to the use or disclosure of the information for that purpose.
You have the right to request to opt out of direct marketing and we must give effect to the request within a reasonable period of time. Once you opt out of receiving marketing material from us, you agree and acknowledge that this removal from our distribution lists may take several business days after the date of your request to be removed.
You may also request that we provide you with the source of your information. If such a request is made, we must notify you of the source of the information free of charge within a reasonable period of time.
6 Accuracy of your information
We take all reasonable steps to ensure that your personal information held by us is accurate, up-to-date, complete, relevant and not misleading. If you believe that any of your personal information is not accurate, up-to-date, complete, or relevant and/or it is misleading, please contact us (see below) and we will take all reasonable steps to correct it within 30 days of your request. We do not charge you for correcting the information.
7 Third Parties and your information
8 Disclosure of Information Overseas
We may transfer personal information to people in foreign countries to process your order, this includes our third party pay out agents (Correspondents) and our affiliates overseas (listed in clause 3 above) that assist us with the processing of your transactions and provision of our services.
These recipients may be located in any country where we have the capability to pay out money transfer transactions either directly or through contractual relationships with Correspondents. We currently have the capability to effect payments in over 150 countries. Your personal information will not be transferred to any recipients who are not directly involved in either the pay out or processing of any product or service you obtain from us. You may review a list of countries to which we can effect payments on our website at https://www.riadirect.com.au/fees/.
We will not send personal information to recipients outside of Australia unless:
- we have taken reasonable steps to ensure that the recipient does not breach the Act, and the APPs;
- the recipient is subject to an information privacy scheme similar to the Privacy Act; or
- the individual has consented to the disclosure.
9 Storage and security
We will use all reasonable endeavours to keep your personal information in a secure environment, and at all times seek to ensure that your personal information is protected from interference, misuse or loss, unauthorised access, modification or disclosure.
Personal information is generally held in client files. Information may also be held in a computer database. All paper files are stored in secure areas. Computer-based information is protected through the use of access passwords.
In relation to our computer-based information, we apply the following guidelines:
- we use firewalls to block unnecessary connections;
- our Site encrypts data transmission using HTTPS;
- our password policy requires the change of passwords periodically;
- we change employees’ access capabilities when they are assigned to a new position;
- employees have restricted access to certain sections of the system;
- the system automatically limits the amount of personal information appearing on any one screen;
- unauthorised employees are barred from updating and editing personal information; and
- print reporting of data containing personal information is limited.
If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact us via the Ria Disputes Resolution Manager (details in clause 13).
If we no longer need your personal information, unless we are required under Australian law to retain it, we will take reasonable steps to destroy or de-identify your personal information, in accordance with our document retention policy.
10 Variation and consent to variation
11 Access to information we hold about you
If you request access to the personal information we hold about you, we will respond to your request within 30 days of your request. This will be subject to any exemptions allowed under the Privacy Act. If we refuse to provide the information, we will provide reasons for the refusal.
We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access.
You may request this information by writing to:
The Ria Disputes Resolution Manager (details set out in clause 13 below).
We will not use identifiers assigned by the government, such as a tax file number, Medicare number or provider number, for our own file recording purposes, unless one of the exemptions in the Privacy Act applies. Ria endeavours to avoid data-matching, being the comparison of data collected and held for two or more separate purposes in order to identify common features in relation to individuals, as a basis for further investigation or action in relation to those individuals.
13 Incidents/Complaints Handling
Ria has an effective complaints handling process in place to manage privacy risks and issues. The complaints handling process involves:
- identifying (and addressing) any systemic/ongoing compliance problems;
- increasing consumer confidence in Ria’s privacy procedures; and
- helping to build and preserve Ria’s reputation and business.
You can make a complaint to Ria about the treatment or handling of your personal information by lodging a complaint with the Ria Disputes Resolution Manager (see below) first or with the Office of the Australian Information Commissioner (see below) if Ria is unable to resolve your dispute to your satisfaction.
Inquiries and Complaints
If you have any questions about our privacy procedures or if wish to make a complaint about how we have dealt with your personal information (including credit information), you may lodge a complaint with us in any of the following ways:
- by telephoning – 1800 701 488
- by writing to – Ria Disputes Resolution Manager c/- Ria Financial Services Australia Pty Ltd, Level 1, 75 Castlereagh St Sydney NSW 2000
- by emailing – email@example.com
What if I am not satisfied with the response?
If you are not satisfied with the result of your complaint to Ria, you can also refer your complaint to the Office of the Australian Information Commissioner.
You can contact the Office of the Australian Information Commissioner:
- by telephoning - 1300 363 992
- by writing to - Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001
- by emailing - firstname.lastname@example.org