Current as at 1 November 2021
RealPay Holdings Pty Ltd, trading as “Rello” (ACN 651 812 45) provides payment solutions to the real estate industry including agencies, suppliers of software and cloud platforms as well as end consumers.
This Privacy Statement explains what personal data Rello, collects from you, through our interactions with you and through our website, products or services, and how we use it. It also describes your choices regarding use, access and correction of your personal information. This Privacy Statement applies to all entities within the Rello group, being RealPay Holdings Pty Ltd ACN 651 812 45, Rello Finance Pty Ltd ACN: 633 994 859, and Rello Payments Pty Ltd (ACN: 653 241 617) and our affiliates and related companies (referred to herein as “we/us/our/Rello”).
We are committed to protecting the privacy of our customers’ personal and credit information. Your privacy is important to us. To protect your privacy, we provide this Privacy Statement explaining our information practices and the choices you can make about the way your information is collected and used. Please read this Privacy Statement carefully to understand what we do and the choices you can make. We are committed to abiding by the Privacy Act 1988 (Cth), the Australian Privacy Principles, the Privacy (Credit Reporting) Code 2014, and any other relevant law.
This Privacy Statement applies when we collect Personal Information during the course of our business. This can happen in a number of different ways and times in the operation of our business, including when we sign up Merchants to our payments services, the Merchant uses our services and technologies (which are white labelled), and when the Merchant’s customer selects the pay now or pay later option with the Merchant to facilitate the purchase of goods or services offered by the Merchant (our Platform).
What is personal information?
When we refer to “personal information”, we mean information from which your identity is reasonably apparent. This information may include information or an opinion about you. The personal information we hold about you may also include credit-related information.
“Credit-related information” means: information that includes your identity; the type, terms, and maximum amount of credit provided to you, including when that credit was provided and when it was repaid; repayment history information, default information (including overdue payments); payment information; new arrangement information; details of any serious credit infringements; court proceedings information; personal insolvency information and publicly available information about your creditworthiness.
We use your credit-related information to assess your eligibility to be provided with finance. Usually, credit-related information is exchanged between credit providers and credit reporting bodies.
We may exchange credit-related information for the purposes of assessing your application for finance or activating a pay later payment plan. This credit-related information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store the credit-related information we hold about you. When we obtain eligibility information about you from a credit reporting body, we may also seek publicly available information and information about any serious credit infringement that you may have committed.
We exchange your credit-related information with credit reporting bodies. We use the credit-related information that we exchange with the credit reporting body to confirm your identity, assess your creditworthiness, assess your application for finance or a pay later payment plan. The information we can exchange includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations, and if you have committed a serious credit infringement (such as fraud).
If you fail to meet your payment obligations in relation to any finance that we have provided or arranged, or you have committed a serious credit infringement, then we may disclose this information to a credit reporting body.
You may contact the credit reporting body to advise them that you believe that you may have been a victim of fraud. The credit reporting body must not use or disclose that credit information for a period of 21 days after the credit reporting body receives your notification. You can contact any of the following credit reporting bodies for more information:
- Equifax Pty Ltd (www.equifax.com.au, or 13 83 32)
What types of information do we collect, use and store?
The types of personal information we collect, use, and store depending on the product or service you have with us. This may include the following information collected from you and from your transactions with us or our customers with whom you have a direct relationship:
- Your name, mailing address, city, state, postcode, email address, mobile phone number and IP address
- Your bill payment (including payment amount and designated payee)
- Your credit or debit card or bank account numbers, expiration date, and cardholder or account holder name)
- Unique identifiers such as username, account number, and password
- your device ID, your device type, Internet browser and device operating system details, geo-location information (including country and suburb name based on this), computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information details of the products and services we have provided to you (or the entity or business that employs or engages you as a contractor) or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries
- information you provide to us through customer surveys
- other information we require to provide our products and services.
We also collect aggregate information which does not identify you. This information can be collected directly from you or through our customers with whom you have a direct relationship such as a merchant or financial institution. We must collect information about you in order to create the account or to facilitate the processing of your payment transaction.
Since certain information is required if you choose to register or make a payment transaction, you agree to provide accurate and complete information when providing personal information. Except as otherwise provided below under the heading “How do we use your information?”, when you supply information about yourself for a specific purpose, we use that information only for the specified purpose and to manage internal operations and security. In general, you can visit our website without telling us who you are or revealing any personal information about yourself.
However, some portions of our website are accessible only to users who have a registered account with us.
At times we may ask you for contact information or conduct online surveys to better understand your needs, to provide you with enhanced services, and to help you use the services more effectively. If you participate in our online surveys, we will request certain personal information such as name, email address, and demographic information such as zip code. Participation in these surveys or contests is completely voluntary and you, therefore, have a choice whether or not to disclose this information. We will not share the personal information you provide through a survey with other third parties unless we give you prior notice and choice.
We also display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us by emailing email@example.com.
How do we collect personal information?
We only collect information that is relevant to our relationship with you. This information is received directly from you or from other sources who you have approved giving us information.
Directly from you
In many cases, we collect personal information directly from you. For example, if you are an Rello user, we collect information about you during the onboarding process and when you contact us. We also collect information about you when you interact with Rello or when other users of Rello interact with you.
From our customers
To provide products and services to our customers who are cloud-based platforms, real estate agencies, or franchises, we collect their business information. This business information may include information about you if you are an employee, vendor, landlord, renter or service provider of one of these real estate agencies or franchises. For example, if you are a vendor and your real estate agency wishes to use Rello to facilitate your payments, your real estate agency may provide us with information about you in order to assist you through our payment services.
If we collect personal information from someone else, we will take reasonable steps to ensure that you:
- have been informed that we have collected that information;
- understand the purposes for which we have collected that information;
- and are aware of how we might use that information or disclose it to other people.
Why do we collect personal information and how do we use it?
We collect personal information for the purposes of:
- providing payment products and services to you;
- to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and the information requested by you;
- managing our business relationship with you;
- sending you marketing and promotional messages, and other information that may be of interest to you, including information sent by or on behalf of our business partners that we think you may find interesting;
- to protect, improve and optimise our products and services, including by performing analytics and conducting research; and
- complying with our legal and regulatory responsibilities.
We use the information we collect about you for everyday internal business purposes to provide our services, process your transactions, maintain your account(s), and provide customer service. We provide access to the personal information of our customers only to those employees who require it as part of their job to provide our services, process customer payments, and provide customer service.
We may use your personal information for the purposes of marketing products and services, including those of our partners. Those services may include contacting you via email or direct mail about opportunities related to our products or services, as well as performing marketing analytics. You may exercise the choice to discontinue receipt of these opportunities at any time by emailing firstname.lastname@example.org.
When might we disclose personal information?
We may disclose your personal information to third parties, including third-party suppliers, service providers, advisers and agents, to achieve the above purposes.
Apart from the purposes above, we do not give your information to any other person or company outside our subsidiary companies.
We might also disclose personal information about you:
- within our corporate group and subsidiary companies;
- on a confidential basis to our agents, contractors and external service providers;
- if we are otherwise permitted or required to do so by law, such as under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), government and law enforcement agencies or regulators;
- to anybody who represents you, such as lawyers, guardians, persons holding power of attorney and accountants;
- to investors, agents or advisers, trustees, rating agencies, or any entity that has an interest in your finance or our business;
- to entities to whom we outsource some of our functions or that provide information and infrastructure systems to us, which may include entities with staff based overseas;
- to payment systems operators;
- to any organisation providing verification of your identity, including online verification of identity;
- to anyone to whom our assets or business are transferred (for example, in the case our business is purchased by another person); or
- in other circumstances where you have first consented to the disclosure.
We share aggregated statistical or demographic data from specified accounts with our business partners or for public relations and marketing purposes. For example, we may reveal the percentage of payments with pay now versus a pay later. It is important to note, however, that this aggregated information is not tied to any personal information that can identify you.
As with any other business, it is possible that in the future we could merge with or be acquired by another company. If such an acquisition occurs, the replacement company would have access to personal information maintained by us. This will include customer and personal account information, but it will continue to be bound by this Privacy Statement unless and until it is amended. You will be notified via prominent notice on our sites of any such change in ownership or control of your personal information.
Access and Changes to Personal Information
You have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information, or request that we no longer use it. Upon request, we will provide you with information about whether we hold any of your personal information. If you have submitted incorrect personal information through our sites and would like to revise this information or if you would like to request access to your personal information, please contact us by submitting this request form. Please do not send us your personal information (“PI”) via email. We will respond to your request to access within a reasonable timeframe in compliance with the law.
We will retain your information for as long as your account is active or as needed to provide you with services. In addition, we will maintain and use your information for as long as necessary to comply with our legal obligations, resolve disputes, and administer our agreements.
If you want to cancel your account or request that we no longer use your information to provide you with any services, contact us by emailing email@example.com.
- Storing your Preferences and Settings. Settings that enable our website to operate correctly or that maintain your preferences over time may be stored on your device. For example, we save preferences, such as language, browser and multimedia player settings, so those do not have to be reset each time you return to the site. If you opt-out of interest-based advertising, we store your opt-out preference in a cookie on your device.
- Sign-in and Authentication. When you sign into a website using your personal FlipMoney account, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device. This cookie allows you to move from page to page within the site without having to sign in again on each page. You can also save your sign-in information so you do not have to sign in each time you return to the site.
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol (IP) address assigned to your computer. We record your IP address in order to assist us to protect our systems from malicious activities, including denial of service attacks and brute force attempts to access our systems. We store IP addresses for this purpose for 30 days in order to detect and analyse previous attacks on our systems.
Preferences and Opting Out
You may inform us of your preferences concerning the use of your information by “opting-out” of the following practices by emailing firstname.lastname@example.org.
If you gave us permission to contract with third-party marketing partners working on our behalf for the purpose of marketing products or services to you and no longer want to enable us to do so, you can “opt-out” of our sharing your information with third-party partners for marketing purposes.
If you requested but no longer want us to inform you of upcoming payment obligations, notify you of a scheduled or successfully completed Auto Payment, or notify you of new or additional services offered by us from which you may benefit, you can “opt-out” from receiving this information.
Opting out of Analytics Services
You can opt-out of data collection or use by some third-party analytics providers by clicking the following links:
- AppsFlyer: www.appsflyer.com/optout
- Flurry Analytics: https://aim.yahoo.com/aim/us/en/optout/
- Google Analytics: tools.google.com/dlpage/gaoptout (requires installation of a browser add-on)
- Nielsen: www.nielsen-online.com/corp.jsp?section=leg_prs&nav=1#Optoutchoices
- Omniture (Adobe): www.d1.sc.omtrdc.net/optout.html
- Visible Measures: www.visiblemeasures.com/viewer-settings-opt-out
- WebTrends: ondemand.webtrends.com/support/optout.asp
SMS Text Messaging
For certain applications, we can send a SMS text message for payment confirmation and other messages to your mobile phone number. Once you provide us with your mobile phone number (message and data rates may apply), you will receive a text message from us to complete the setup process. By replying to the text message, you will be confirmed in writing that you have agreed to receive text messages containing information such as payment confirmations, bill reminders and other relevant messages, including information to inform you of new or additional services offered by us from which you may benefit. Message frequency depends upon your payment activity and other information such as your geographic location that we may use to send you messages relevant to our services available in your area.
To opt-out at any time, respond to the text with OPT-OUT. If you cancel, we will send you a text message to confirm we have processed your cancellation. When you opt-out of receiving text messages, it does not affect the other services which are provided on our websites. For additional assistance, email email@example.com.
We will store your personal data for up to 7 years after we have completed providing our services to you. After this time:
- we will continue to store your personal data only to the extent required by any law applicable to our business or for compliance and risk management purposes; and
- we will delete or de-identify your personal data when it is no longer necessary or required to be kept.
We store all data securely in Australia. However, to operate our business we sometimes use the services of third-party IT service providers located overseas. This means that third-party IT service providers located in the US and Nepal may at times have access to your personal information so that we can continue to operate our product and services. We will never sell your personal information to third parties.
The security of your information is very important to us. We take commercially reasonable precautions consistent with applicable regulatory requirements and applicable published security standards to protect the personal information submitted to us. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security. When doing business with others such as advertisers to whom you can link from our site, you should consider the separate security and privacy policies of those other sites. When you enter personal information (such as a credit card number), we encrypt the transmission of that information by using best industry practices as outlined by the Payment Card Industry Data Security Standard (PCI DSS).
In the event that your sensitive personal information is accessed by an unauthorized individual and the misuse of your information is reasonably possible, we will notify you of the unauthorized access unless a law enforcement agency believes that such notification may interfere with a criminal investigation. The notification of such an event may be given to you by email or writing at our sole discretion.
If you have any questions about security on our web sites, please contact:
Attn: Compliance Officer
RealPay Holdings Pty Ltd
Suite 5, Level 41 225 George St Sydney NSW, Australia, 2000.
Or by email: firstname.lastname@example.org.
If you require more information about privacy laws generally, please contact:
The Privacy Commissioner:
Office of the Federal Privacy Commissioner GPO Box 5218, Sydney NSW 2001 Phone: 1300 363 992 Website: www.oaic.gov.au
Accessing or correcting your personal information
You can access the personal information we hold about you by contacting us using the contact information provided through the website or using the contact details set out below. Sometimes, we may not be able to provide you with access to all of your personal information, and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us using the details set out below and we will take reasonable steps to ensure that it is corrected:
Attn: Compliance Officer
RealPay Holdings Pty Ltd
Suite 5, Level 41 225 George St Sydney NSW, Australia, 2000.
Or by email: email@example.com.
Making a complaint
If you think we have breached the Privacy Act 1988 (Cth), or you wish to make a complaint about the way we have handled your personal information, you can contact us at firstname.lastname@example.org. Please include your name, email address, and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within the time required by law (if applicable) or otherwise within a reasonable period of time, typically within 30 days. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
If your complaint is not resolved, you may refer your complaint to the Office of the Australian Information Commissioner who can be contacted by phone at 1300 363 992, or by email at email@example.com.
We are constantly reviewing all of our policies and attempt to keep up-to-date with market expectations. As a consequence, we may change this policy from time to time or as the need arises. We will post any changes to this policy on our Website.