Effective Date: 1 June 2017
At AFEX, we are committed to safeguarding your privacy. We want you to know how we may collect, use, share, and keep information about you and the choices that are available to you. When we provide AFEX products or services to you, we may also give you specific additional details about how we will use your personal information.
Since we may change this online privacy statement, we recommend that you check the current version available from time to time. If we make changes to this statement, we will update the ‘Effective Date’ at the top of this page.
- WHAT KINDS OF PERSONAL INFORMATION DO WE COLLECT?
We collect the following kinds of personal information about individuals:
- phone numbers
- email addresses
- bank account details
- identification information including drivers’ licence, Medicare and passport details
- company officeholder roles
- criminal history
- financial information including credit history and credit worthiness
- the types of payments and services generally used by the individual
We (and our Service Providers or Third-Party Ad-Servers) may collect information using Cookies and Similar Technologies about:
- the device you use to browse our websites (for example, we may collect information about the operating system or the browser version and the type of device you open the electronic communication on)
- the IP Address and information related to that IP Address (such as domain information, your internet provider and general geographic location)
- browsing history on our websites
- how you search for our websites, from which website you came from, and which of our Business Partners’ websites you visit
- which ads or online content from us and our Business Partners you view, access, or click on
- whether you open our electronic communications and which parts you click on (for example, how many times you open the communication)
We also collect any other information that is relevant to the services that we provide.
- HOW WE COLLECT PERSONAL INFORMATION
We generally collect personal information directly from the individual. For example, an individual may deal with us via our website, on the phone, or send us correspondence (by letter, fax or email). AFEX will collect personal information from forms filled out by customers, interviews, business documents (such as account application forms, and requests for the provision of AFEX’s products or services) and from other people.
If the personal information we request is not provided, we may not be able to process an individual’s application for an account, or provide customers with the benefit of our services, or meet an individual’s needs appropriately.
- HOW WE MANAGE AND SAFEGUARD YOUR PERSONAL INFORMATION
We manage personal information using a computer software program called Customer Relationship Management (‘CRM’). The data from this software program is stored securely in our own internal company server. We also use administrative technical and physical security measures to protect your personal information. These measures include computer safeguards and secured files and facilities. We take reasonable steps to securely destroy or permanently de-identify personal information when we no longer need it. We will keep your Online Information only as long as we must to deliver our products and services, unless we are required by law or regulation or for litigation and regulatory investigations to keep it.
AFEX does not give individuals the option of dealing with them anonymously, or under a pseudonym. This is because it is impractical for AFEX to deal with individuals who are not identified and may also breach AFEX’s obligations under the anti-money laundering legislation.
- UNSOLICITED PERSONAL INFORMATION
AFEX may receive personal information about individuals we have not requested. If we receive unsolicited personal information, we will decide whether the information is reasonably necessary for our activities. If we would not have been able to collect the information, we will destroy or de-identify all unsolicited personal information.
- WHY DOES AFEX COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION?
AFEX collects, holds, uses and discloses personal information for the following purposes:
- to provide services to our customers, including international payment and foreign exchange services;
- to assess applications by potential customers to open accounts;
- to obtain credit reports from credit reporting agencies;
- to assess the credit worthiness of potential customers;
- to comply with AFEX’s obligations under anti-money laundering legislation;
- to assess the suitability of our products and services for potential customers;
- to provide our customers with marketing information;
- to provide our customers with updates to their accounts, products and services;
- to conduct our business;
- to manage fraud and security risk, including to detect and prevent fraud or criminal activity;
- to safeguard the security of your information;
- to produce data analytics, statistical research, and reports;
- to comply with our legal obligations; and
- to help us manage and enhance our business.
- HOW MIGHT WE USE AND DISCLOSE PERSONAL INFORMATION?
We ‘use’ personal information when we handle and manage that information within AFEX. We ‘disclose’ personal information when we release that information from our effective control.
AFEX may use and disclose personal information for the primary purposes for which it is collected (outlined in clause 5 above), for reasonably expected secondary purposes which are related to the primary purpose, and in other circumstances authorised by law. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose (unless the individual provides consent to use or disclose the information for another purpose), or where certain other limited circumstances apply (e.g. where required by law).
We will only use government identifiers (e.g. passport and drivers licence details) if is reasonably necessary for us to identify the individual for the purposes of providing our services, or engaging in any of our other functions or activities. We will generally only use identifiers to comply with our legal obligations under anti-money laundering legislation to identify our customers.
- TO WHOM MIGHT WE DISCLOSE PERSONAL INFORMATION?
We may disclose personal information to:
- third parties who we engage to do work on our behalf;
- consultants we engage, such as our lawyers, accountants, and other advisors;
- organisations involved in the provision of our services, including counterparty banks;
- organisations involved in managing our trading and money transfer functions;
- credit reporting agencies;
- an investigator or recovery agent;
- regulatory authorities or enforcement agencies, if required by law; and
- anyone else to whom the individual authorises us to disclose it.
We also collect personal information from these organisations and individuals, and deal with that information in accordance with this Policy. We engage other people to perform services for us, which may involve that person handling personal information we hold. In these situations, we prohibit that person from using personal information about the individual except for the specific purpose for which we supply it.
- SECURITY OF PERSONAL INFORMATION
The APPs require us to take all reasonable steps to protect the security of personal information. AFEX personnel are bound by a confidentiality agreement to respect the confidentiality of personal information and the privacy of individuals.
AFEX takes reasonable steps to protect personal information held from misuse and loss and from unauthorised access, modification or disclosure, for example by use of physical security and restricted access to electronic records. All personal information contained in hard copy documents held by AFEX is stored in locked cabinets. Physical access to the hard copy documents is restricted through measures such as security clearances and limiting access to a ‘need-to-know’ basis.
All personal information stored on AFEX’s computer system is backed up daily and monthly, and back-up copies are held in a secure location. All data is stored securely in our own internal company server. In relation to our CRM database, we apply the following guidelines:
- data ownership is clearly defined within AFEX , that is, each person who has access to personal information has the required level of access;
- passwords complexity is governed by IT policy to ensure that they are of an appropriate length, and not likely to be easily guessed;
- we utilise procedures which change an employee’s access capabilities when he/she is assigned to a new position;
- employees have restricted access to sections of the system which include the marketing database and personnel files;
- the system automatically logs and reviews all unauthorised access attempts for post-event investigations;
- the system automatically limits the amount of personal information appearing on any one screen;
- unauthorised employees are barred from updating and editing personal information;
- certain fields are masked to bar unauthorised employees;
- all personal computers which contain personal information are secured, physically and electronically;
- incoming and outgoing data i.e. data travelling outside AFEX network – done via public and non-private line is encrypted during transmission over the network;
- print reporting of data containing personal information is limited; and
- AFEX has created procedures for the disposal of confidential output, and appropriate controls have been instigated when confidential data is disseminated to authorised individuals.
- DIRECT MARKETING
AFEX does not use or disclose personal information we collect from individuals for the purpose of direct marketing unless:
- the personal information does not include sensitive information; and
- the individual would reasonably expect us to use or disclose the information for the purpose of direct marketing; and
- we provide a simple way of opting out of direct marketing; and
- the individual has not requested to opt out of receiving direct marketing from us.
If the individual would not reasonably expect AFEX to use or disclose their personal information for the purpose of direct marketing, AFEX may still use or disclose the information (unless it is sensitive information) for the purpose of direct marketing if:
- either the individual has consented to the use or disclosure of the information for direct marketing or it is impracticable to obtain that consent; and
- AFEX provides a simple way of opting out of direct marketing; and
- in each direct marketing communication, AFEX includes a prominent statement that the individual may make a request to opt out of direct marketing or otherwise draws the individual's attention to the fact that he or she may make such a request; and
- the individual has not already requested to opt-out of direct marketing from AFEX.
We do not disclose personal information we collect to third parties for the purpose of allowing them to direct market their products and services. We do not use or disclose sensitive information for direct marketing purposes. In relation to sensitive information, AFEX may only use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose. AFEX notes that individuals have the right to request to opt out of direct marketing and we must give effect to the request within a reasonable period of time.
- HOW DO WE KEEP PERSONAL INFORMATION ACCURATE AND UP-TO-DATE?
AFEX takes reasonable steps to ensure that the personal information it collects, uses and discloses is relevant, accurate, complete and up-to-date. We ensure that personal information is collected and recorded in a consistent format, and new information is promptly added to our CRM database.
We may also remind you from time to time to update your personal information, or contact you to verify your personal information.
We encourage individuals to contact us in order to update any personal information we hold about them. Our contact details are set out below. If requested by the individual, AFEX will notify other organisations of any corrections to an individual’s personal information, unless it is impracticable or unlawful to do so. AFEX responds to requests to amend personal information within a reasonable time, and does not charge individuals for requests to correct information or for correcting the information.
- UPDATES TO THIS POLICY
This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and practices and the changing business environment.
- PRIVACY TRAINING
- NON-COMPLIANCE AND DISCIPLINARY ACTIONS
- COMPLAINTS HANDLING
AFEX has an effective complaints handling process in place to manage privacy-related complaints. Complaints will generally be handled according to AFEX’s Complaints Policy, which you can obtain free of charge by contacting us and requesting a copy.
All complaints will initially be handled and investigated internally. We will investigate your complaint promptly. We will try to resolve your complaint quickly and fairly. Individuals can make a complaint to AFEX about the treatment or handling of their personal information by lodging a complaint to AFEX Compliance Department.
By telephoning: +65 6589 2100
By writing to:
AFEX Compliance Department
96 Robinson Road
#12-02 SIF Building
By emailing: firstname.lastname@example.org