Last updated: June 1, 2023
When you access our payment services, access our website (at Pebl.me) or any other websites that we own or control and enable internet users to access (our Sites), use the Pebl mobile application (Pebl App) or interact with our social media accounts (together, the Services), we may collect, use or otherwise manage your personal information.
In collecting, holding, using, disclosing and otherwise managing your personal information, Pebl will comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles under the Privacy Act.
2. What information we may collect
Personal Information is information or an opinion about an identified, or reasonably identifiable, individual.
Our Services enable and facilitate merchants to manage businesses, conduct transactions and safely accept payments, and may include services that enable and facilitate persons to pay each other. In conducting our business and providing the Services, we may collect your personal information. While you are not required to provide us with any personal information we request (and can refuse to do so), we may not be able to provide you with certain (or any) Services without this information, and we may be limited in how we can interact with you.
The personal information we collect will vary depending on our particular interaction with you, however in the course of accessing and using our Sites or Services it may be apparent to you the types of personal information we are collecting. Generally speaking, the kinds of personal information we collect may include:
if you are a User:
- your contact information such as your name, address, telephone number, email address and date of birth;
- information necessary to verify your legal and beneficial ownership of the business (which may include copies of government-issued identifiers, financial statements or documents, business invoices);
- business information such as ACN, ABN, address, website and phone number;
- proof of identity, such as your contact information and government identifiers;
- information regarding your preferences regarding our products and services;
- in order for us to provide our services to you, your financial information, including your bank account credentials, account numbers and general information about your financial circumstances and objectives; and
- other information necessary to provide you with information regarding our products or services or to undertake any transactions or dealings with you;
if you are a Customer:
- your full name, email address, phone number, and billing or shipping address, as input by you during the payment process;
- depending on what kind of payment method you choose to utilise for a particular transaction, we may collect information about your chosen payment method, including:
- for direct transfers: information about your bank account;
- for credit card purchases, information about your card including CVV / CCV, cardholder details, expiry date and card number;
- for purchases using GooglePay and/or ApplePay, information about your use of GooglePay or ApplePay (and any virtual card numbers associated with these payment methods)
- for purchases made using a buy-now-pay-later payment option, information about your use of the buy-now-pay-later service and any information you provide as part that service; or
- any other information you provide in the course of completing a transaction;
- details regarding the transactions using our Services between you and each Pebl User, including the transaction date, payment method utilised, name of the merchant and which may in some cases include information about your purchase;
- other information necessary to provide you with information regarding our products or services or to undertake any transactions or dealings with you; and
- information regarding your purchasing history utilising the Pebl Services; and
- if you are a general user of our Sites or social media accounts or if you make an inquiry or contact us through our Sites, your name, email address, and anything else you tell us about your business, transactions and needs in the body of your correspondence.
You may also choose to provide us with additional personal information via other methods, which include your voluntary participation in any promotion or program we may be running, in connection with an actual or potential business relationship with us, in response to marketing or other communications, or as part of interactions at trade shows or other events.
3. Use by minors
The Services we offer are not directed to individuals under the age of eighteen (18), and we request that they not provide personal information through the Services. We will promptly destroy any personal information we hold if we become aware the personal information relates to a person under the age of eighteen (18) (to the extent permitted by law).
4. How we collect your information
4.1 Information collected from You
Generally, we will always collect personal information about you, directly from you. For example, we may collect your personal information:
- when you register for an account with us, request information or services from us, or otherwise provide us with your details;
- when you enter into, or propose to enter into, a transaction directly with us;
- when you enter into, or propose to enter into, a transaction with a Pebl User using our Services;
- where you download or use the Pebl App, including in relation to your use of our Services;
- where you use our Sites or otherwise interact with us, including if you post information to our Sites or social media accounts;
- if you attend an event conducted by us; or
- when you complete a survey or enter a promotion or competition conducted by us or on our behalf.
4.2 Information collected from sources other than You
There may be occasions when we will collect your personal information from someone other than You. This may include:
- from our other service providers or business partners that help us provide our services. These may include:
- any card-payment network provider such as American Express Travel Related Payment Services Company, Inc. (American Express), MasterCard International Inc. (MasterCard), Visa Inc. (Visa), JCB Co., Ltd. (JCB), UnionPay International (UnionPay) and their respective affiliates;
- third party payment providers we have partnered with to offer the card-payment functionality and the direct account transfers functionality of our Services;
- third party buy-now-pay-later payment providers offered through our Services; or
- any other third party partners or providers as we may advise from time to time;
- from third parties you have authorised to disclose your information to us, such as if you are the representative of a business which is a Pebl User;
- from a publicly maintained record or other publicly available sources of information including social media and similar websites;
- from our Users in the course of their use of the Services (i.e. our Users may provide us with personal information that they have collected about You where You are their Customer, as part of our provision of the Services);
- when we conduct fraud monitoring, prevention, detection, and financial compliance activities or provide such services to our Users, we may receive personal information about You from our business partners, financial service providers, identity verification services, and publicly available sources (e.g., name, address, phone number, country), as necessary to confirm your identity and prevent fraud; or
- from third parties if you connect to our services or register an account with us using an external third-party application, such as Facebook or Google.
We will only collect your personal information from sources other than you if it is unreasonable or impracticable to collect that personal information from you, or where we have your consent to this collection.
We also collect information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online features and services. We use Google Analytics on our Sites to help us analyse Your use of our Sites and diagnose technical issues.
We will delete, destroy or completely anonymise any personal information we hold when it is no longer relevant or necessary for the purposes which we collected it.
- browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the language version of the Sites you are visiting;
- usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites.
When you visit our websites or other online services, we may leave a 'cookie’ in the memory of your web browser - please note that cookies do not cause any damage to your device, and they cannot access or read the files on your hard drive. These cookies make your interactions with our Sites easier, more useful and less time-consuming for you because they store information that is reusable each time you visit our website (such as your preferences).
The majority of web browsers are set to accept cookies. However, you may wish to set your browser to limit the number of cookies accepted or to block all cookies, by changing the browser’s settings. Please be aware that by disabling all the cookies on the Site, certain functionalities may not be available.
6. How we use the Information we collect
In this section, we have set out some of the main ways in which we may use personal information we collect or hold about You. In addition to these categories, we may also use your personal information for purposes reasonably related to those set out here, or if we are otherwise required or authorised by law.
If we need to use your personal information in other ways, we will provide specific notice at the time of collection and obtain your consent where required by applicable law.
6.1 Our Services
Generally, we collect, hold, use and disclose personal information so that we can offer our Services to You (including maintaining and improving on those Services) and to facilitate the business relationships we have with our Users as part of our legitimate business interests.
Instances where we may handle your personal information as part of our legitimate business activities include:
- monitoring, prevent and detect fraud and unauthorized payment transactions (including as part of our legal obligations);
- mitigating financial loss, claims, liabilities or other harm to us and our Users;
- responding to inquiries, sending service notices and providing customer support;
- promoting, analysing, modifying and improving our Services, systems, tools and the Pebl App, and to potentially develop new products and services;
- managing, operating and improving the performance of our Sites and Services by understanding their effectiveness and optimizing our digital assets;
- analysing and advertising our Services;
- conducting aggregate analysis and developing business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business;
- sharing personal information with third party service providers and partners that provide services on our behalf and which help us operate and improve our business;
- ensuring network and information security throughout Pebl and our Services; and
- transmitting personal information within our affiliates for internal administrative purposes.
6.2 Contractual and pre-contractual business relationships
We may use personal information for the purpose of entering into business relationships with prospective Pebl Users, and to perform the contractual obligations under the contracts that we have with Pebl Users. Activities that we conduct in this context may include:
- creating and managing Pebl accounts and Pebl account credentials;
- accounting, auditing, and billing activities; and
- processing of payments, communications regarding such payments, and related customer services.
6.3 Legal and regulatory compliance
If relevant, we use personal information to verify the identity of our Users (and in some cases, their Customers) in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations.
These obligations may be imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits. We will only handle your personal information in this context as required by law or at the request of a relevant government authority.
7. Direct marketing
7.1 Marketing and promotional communications
We may send you email marketing communications about Pebl products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with the consent requirements that are imposed by applicable law.
We do not sell or rent the personal information of our Users, their Customers or our Site visitors.
7.2 Opting out / unsubscribing
Each of our marketing and promotional communications to you will contain a mechanism by which you can stop receiving those materials in the future (e.g. for emails, there is an ‘unsubscribe’ link at the bottom of the email). If you no longer wish to receive marketing or promotional materials or communications from us you may opt-out via the unsubscribe link included in such emails.
We will comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that we are required to provide you with our Services and in accordance with law.
8. How we Disclose the Information we Collect
8.1 Pebl entities
We may share personal information with our related entities or affiliates (if applicable) in order to provide our Services and for internal administration purposes.
8.2 Our service providers
We may share personal information with a limited number of our authorised service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. We will only authorise such service providers to use or disclose the personal information as strictly necessary to perform services on our behalf or comply with legal requirements.
We require all service providers which may receive personal information from us to contractually commit to protecting the security, confidentiality and integrity of the personal information they handle on our behalf.
If any of the service providers we disclose personal information to are located outside of Australia, we will notify you in writing.
8.3 Our business partners
We may disclose personal information with third party business partners to provide our Services to our Users. Below is a list of our main service providers, which we may disclose personal information to in order to provide our Services (to both Users and Customers):
- card-payment network providers such as American Express Travel Related Payment Services Company, Inc. (American Express), MasterCard International Inc. (MasterCard), Visa Inc. (Visa), JCB Co., Ltd. (JCB), UnionPay International (UnionPay) and their respective affiliates;
- banks and other authorised financial institutions;
- our third party payment providers which allow us to offer the secure card-payment gateway functionality, and the direct account transfers (‘Pay ID’ and ‘Pay To’) functionality, as part of our Services; and
- third party buy-now-pay-later payments providers who we have partnered with to offer the buy-now-pay-later payment option functionality through our Services.
We require all business partners which may receive personal information from us to contractually commit to protecting the security, confidentiality and integrity of the personal information they handle on our behalf.
8.4 Our Users and third parties authorized by our Users
We may disclose personal information to Users as necessary to maintain a User Pebl account and to allow us to provide the Services. We may also share personal information with parties directly authorised by a User to receive personal information, such as when a User authorises a third-party application provider to access that User’s Pebl account using Pebl APIs.
8.5 Marketing purposes
8.6 Corporate transactions
In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may disclose personal information with third parties in connection with such transaction.
8.7 Legal and professional advisors
We may disclose personal information to our legal and professional advisors (including legal and accounting firms, auditors, consultants, insurers and other professional advisers).
8.8 Compliance and harm prevention
We may disclose personal information if we reasonably believe disclosure is necessary to:
- comply with any applicable law, regulation, direction from a government or law enforcement agency or payment method rules;
- enforce our contractual rights;
- protect the rights, privacy, safety and property of Pebl, you or others; and
- respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.
8.9 With your consent or as required by law
We may also share or disclose your personal information in other ways, for other purposes or to other entities where we have your consent, or if this disclosure is required by law or by a regulatory authority.
9. Your rights and choices
9.1. Your consent
Where our handling, use or disclosure of your personal information is based on your previously given consent, you have the right to withdraw this consent (in whole or in part) at any time, by contacting us.
9.2 Accessing and correcting your personal information
We take steps reasonable in the circumstances to ensure any personal information we hold is accurate, up-to-date, complete, relevant and not misleading.
Where you have a Pebl account through the Pebl App, you can update certain of your personal information by logging into your account and editing your profile through the Pebl App.
In addition, under the Privacy Act, you have a right to seek access to and correction of your personal information that is collected and held by Pebl. If at any time you would like to exercise this right (or want more information about this right) please contact us using the details set out below. We will grant access to the extent required or authorised by the Privacy Act or other law and take steps reasonable in the circumstances to correct personal information where necessary and appropriate.
If you would like to review, correct, or update Personal Information that You have previously disclosed to us, you may do so by signing in to your Pebl account or by contacting us.
9.3 How to exercise these rights
If you would like to withdraw or amend your consent, or would like to exercise your right to access or amend the personal information we hold in relation to you, please contact us.
In order for us to facilitate such a request:
- you may be asked to provide proof of identity to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected;
- we ask that you be reasonably specific about the information you require or the request you are making, or that you answer our reasonable queries to assist us to better understand your request; and
- (in relation to a request for access) we may charge you a reasonable administration fee, which reflects and will not exceed the cost to Pebl for providing you with certain access to your personal information in accordance with your request.
We will endeavour to respond to your request within 30 days of our receipt of your request. If we refuse your request (e.g. if we are unable to grant you access to certain personal information) we will provide you with written reasons for the refusal and details of our complaint mechanisms.
If you are a Customer, while we will assist you fully to the extent practicable and required by the Privacy Act, you may need to contact the individual Pebl user (i.e. the merchant in your transaction) in relation to certain aspects of your privacy rights.
We may not be able to facilitate (or respond to) certain requests if we no longer hold any personal information in relation to you.
10. How do we store and secure your personal information
10.1 Our security measures
We take steps reasonable in the circumstances to ensure the personal information we collect and hold is protected from misuse, interference and loss, and from unauthorised access, modification and disclosure. Examples of the security measures we have in place to secure your personal information include:
- your personal information is only accessible to a limited number of Pebl personnel who need access to the information to perform their duties and provide our Services;
- we monitor and regularly review our practises against our own policies, our legal obligations and industry best practice;
- we utilise identity and access management technologies to control access to systems on which information is processed and stored; and
- we have in place procedures and partnerships to ensure the general security of our technical environments.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have any reason to believe that your interactions or communications with us are no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.
Where you have an Pebl account with us, you are responsible for maintaining the confidentiality and security of your username and password, and you must notify us immediately if you believe either of your username, password or your account generally have been compromised. You must also comply with any requirements or obligations in our Terms and Conditions.
10.2 Our retention of personal information
We generally only retain your personal information for as long as we are providing the Services to you, and we will destroy or permanently de-identify any personal information we no longer required (to the extent permitted by law).
We may retain personal information after we cease providing Services directly or indirectly to you, even if you close your Pebl account or finalise your transaction with a Pebl User, for the following reasons:
- to the extent necessary to comply with our legal and regulatory obligations, including our tax, accounting, and financial reporting obligations;
- for the purpose of fraud monitoring, detection and prevention;
- where we are required to retain the data by our contractual commitments to our financial partners;
- if data retention is mandated by the payment methods that we support.
Where we retain data, we will only do so in accordance with any limitation periods and records retention obligations that are imposed by applicable laws.
11.1 Anonymous information
Information is anonymous if it is not associated with or linked to personal information, and cannot be used to identify an individual.
We may create anonymous data records from personal information we collect or hold in relation to you, by anonymising your personal information (e.g. removing your contact details) from those data records. We may use this anonymous data to analyse usage patterns or for other aggregate data analysis so that we may enhance the content of our Services. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties in our sole discretion.
11.2 Your anonymity
You may request to engage with us using a pseudonym or whilst remaining completely anonymous, including when you make inquiries with us or send us complaints / feedback. We may be limited in our ability to engage with you if you request to use a pseudonym or remain anonymous.
However, in many instances we will need your personal information in order to provide our Services to you, and it may not be possible for us to provide you with our Services if you are engaging with us anonymously or using a pseudonym.
12. Overseas disclosures of your personal information
We currently operate Pebl in Australia, however certain of our partnered service provider are located in the United Kingdom and in the United States. For instance, Pebl’s identity verification service provider for merchants is located in the United Kingdom.
Therefore, personal information may be stored and processed in the United Kingdom or United States, or any country where we have operations (now and in the future) or where we engage service providers. We may transfer personal information that we maintain about you to recipients in countries other than the country in which the personal information was originally collected, including the United Kingdom and the United States. Those countries may have data protection rules that are different from those of your country.
We will at all times take reasonable steps to ensure that any such overseas recipients do not hold, use or disclose your personal information in a way that is inconsistent with the obligations imposed under the Privacy Act and the Australian Privacy Principles in the Privacy Act.
For the purposes of this section 13, ‘Personal Data’ has the meaning given in Article 4 of the European Union General Data Protection Regulations (GDPR).
Pebl is located in Australia and only provides services within Australia. You must provide us with advance written notice of our need to comply with the GDPR in relation to your Personal Data if you are located within the European Union at the time at which we will collect Personal Data or at the time at which we propose to transfer Personal Data overseas.
In such circumstances, we will advise you of our inability to provide or continue to provide you with the relevant products, services or access, and if you confirm that you would like us to proceed with your request, we may:
- terminate a relevant agreement or other document with you in relation to our products and services; or
- remove or restrict your access to our website or our online services.
15. Links to other websites
The Services we offer may provide the ability to connect to other websites. These websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website or the privacy practices of the operator of the website.
16. Privacy complaints
- will be treated seriously;
- will be dealt with promptly;
- will be dealt with in a confidential manner (to the extent lawful and practicable); and
- will not affect your existing obligations or affect the commercial arrangements between you and Pebl.
We will endeavour to respond to your complaint within a reasonable time, or within the time required by law, of our receipt of your request.
If you are a Customer, while we will assist you and respond to your complaint fully to the extent practicable and required by the Privacy Act, you may need to contact the individual Pebl user (i.e. the merchant in your transaction) in relation to certain aspects of your privacy rights and complaint.
As part of our process in addressing your complaint, we may commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event that you are dissatisfied with the outcome of your complaint, or an extension to the time in which we may will resolve it, you may refer the complaint to the Office of the Australian Information Commissioner.
17. Contacting us
For further information or enquiries regarding your personal information, or if you would like to opt-out of receiving any promotional or marketing communications or make a privacy complaint, please contact us using any of the following contact details: