Privacy and Credit Information Policy AUNZ

Kyocera Document Solutions Australia Pty Ltd (ABN 77 003 852 444) and Kyocera Document Solutions New Zealand Ltd (NZBN 94 290 40 547 299) (we, us or our) are committed to protecting your privacy. This policy explains how we collect, use and protect your personal information. It applies to all personal information we handle, whether we collect it through our website, in person, or through other means. This policy explains how we collect, use and protect your personal information and complies with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) in Australia, and the Privacy Act 2020 and Information Privacy Principles (IPPs) in New Zealand.

Quick overview

• We collect information you provide to us and information we gather when we interact with you.

• We use this information to provide our services and improve your experience.

• We protect your information using secure systems and processes.

• You have rights regarding your personal information, including access and correction rights.

Information we collect

We collect the information detailed below.

Basic identifying and contact details

• name, address, email address and phone number

• professional details

Service-related information

• payment and transaction details for products and services you have purchased from us

• your preferences for our services and your marketing preferences

• feedback and survey responses

Digital information

• IP address and general location information derived from your IP address 

• search and browsing behaviour

• website usage patterns

• cookie preferences

• social media handles

• blog comments and testimonials

• system configuration information

• mobile carrier information

• metadata concerning your information

• device identification numbers

• date and time stamps associated with transactions
  
  

Professional information (for job applicants and workers)

• employment history

• professional experience

• required authorisations and licences

• professional registrations

Credit information

The types of “credit information” (as defined by Australian privacy law) we may collect about you include:

• your personal details (name, address, phone number, and email address)

• your geographic location and IP address

• records that you applied for credit with us

• the credit amount you applied for

• the credit amount we provided to you (if applicable)

• payment terms for any credit we provided, including repayment periods

• your payment history, including any missed or late payments

• details of any credit you received that has been fully repaid or discharged

• information obtained from your credit references

• records of personal bankruptcy or insolvency

• information about any court proceedings involving you

• information obtained from credit managers’ bureaus

• information from identification document providers.

The types of “credit eligibility information” (as defined by Australian privacy law) we may collect about you from credit reporting bodies include:

• your credit report

• your credit assessment score.

The contact details of the credit reporting body we currently use are outlined below. Each credit reporting body has a credit reporting policy about how they handle your information:

• Creditorwatch Pty Limited ABN 80 144 644 244

• Creditorwatch’s credit reporting policy is available (and you can obtain a copy of your credit report) at www.creditorwatch.com.au
  
  

How we collect personal information

We collect personal information:

• directly from you when you interact with us, contact us or fill out forms

• automatically when you visit our website, use our technologies or interact with our online services

• from third parties including service providers, business partners, public sources, government organisations and other organisations or people authorised by you.

Why we collect, hold, use and disclose personal information

We collect and use your personal information to run our business and provide our services as set out below.

Business operations

• to manage our relationship with you as a customer or supplier

• to process and deliver our products and services

• to handle your enquiries, support requests, and communications

• to maintain accurate records for billing and administration

• to verify your identity when required or permitted by law

Communication and support

• to respond to your questions and support requests

• to communicate important updates about our services

• to handle enquiries made through our website or platforms

• to manage your participation in surveys, feedback sessions, or events

Service improvement

• to conduct analytics and market research

• to improve our business operations and services

• to develop and enhance our applications and platforms

• to understand how our services are used

Marketing and promotions

• to send you promotional information about our services and events

• to inform you about products or services that may interest you

• to manage your marketing preferences

• to run competitions, promotions, and special offers

• to provide additional benefits to our customers

Employment purposes

• to assess employment applications

• to evaluate candidate qualifications

• to manage professional certifications and licences

• to maintain employment records

Legal and compliance

• to comply with our legal obligations

• to respond to court orders or legal processes

• to maintain required business records

• to fulfill regulatory requirements or reporting obligations

• to protect our legal rights and interests, or

• as otherwise authorised by law

Credit information

We may collect, hold, use and disclose credit information and credit eligibility information for the following purposes:

• verifying your identity

• obtaining credit information from credit reporting bodies

• assessing your application for credit (or assessing your application to be a guarantor in relation to such credit)

• assessing your creditworthiness, including collecting your payment history in relation to any credit provided by us to you

• enforcing our rights against you or your guarantors for repayment of any amount owed by you to us

• working with you as a customer or supplier

• administering your account, including for internal record keeping, administrative, invoicing and billing purposes

• dealing with complaints or issues you may have in relation to our business

• complying with our legal obligations and resolving any disputes that we may have

• enabling insurers to assess risk and manage our contractual arrangements

• considering hardship requests you may make,

• or as otherwise required or authorised by law.

Our disclosures of personal information to third parties

We may disclose personal information to the following third parties.

Service providers

• IT service providers

• data storage providers

• web hosting and server providers

• payment processors

• marketing and advertising providers

• analytics providers

• customer support and helpdesk service providers

Professional advisers

• bankers

• auditors

• insurers and insurance brokers

• legal advisers

Business partners

• our related bodies corporate

• our existing or potential agents

• our business partners or contractors

Corporate transactions

If we merge with or are acquired by another company, or sell our business assets, your information may be:

• disclosed to our advisers

• disclosed to the advisers of potential purchasers 

• included in the transferred assets.

Legal and regulatory bodies

• courts and tribunals

• regulatory authorities including as required for reporting obligations

• law enforcement officers

If required to provide your information to a law enforcement agency, we remove our own encryption before disclosure. However, we cannot decrypt already-encrypted information you store on our services.

Other parties

• third parties you have authorised

• emergency services when necessary

• any other parties as required or permitted by law

Credit information

We disclose your credit information to third parties only when it is necessary as part of our business, when we have your consent, or as permitted by law. This means that we may disclose credit information to the following third parties.

Credit providers and guarantors

• other credit providers to help them assess your existing financial arrangements with us

• potential guarantors so they can decide whether to guarantee your credit or offer property as security

• guarantors when we need to enforce our rights against them

Service providers

• IT service providers

• data storage providers

• web hosting and server providers

• payment system operators, debt collectors and other service providers who help us recover debts, and our professional advisers

Employees and business partners

• our employees, contractors and related companies

• our existing or potential agents or business partners

Legal and regulatory bodies

• courts, tribunals, regulatory authorities and law enforcement officers as required or authorised by law, in connection with actual or prospective legal proceedings, or to establish, exercise or defend our legal rights

• courts and tribunals if you fail to pay for goods or services we provide

Corporate transactions

If we merge with or are acquired by another company, or sell all or part of our assets, we may disclose your information to our advisers and any prospective purchaser’s advisers. Your personal information may be among the transferred assets.

Other parties

We may also disclose your credit information to other third parties you have authorised, or as otherwise required or permitted by law.

Third-party applications

We may share your information with third-party applications with your consent, for example when you choose to access our services through such an application or when you integrate third-party services with your account.

We are not responsible for the privacy practices of third-party applications. You should ensure you trust any third-party application and that it has a privacy policy acceptable to you

Overseas disclosure

Before disclosing your personal information overseas, we take reasonable steps to ensure recipients treat your information in accordance with applicable law. We do this by:

• sending only what is necessary

• requiring recipients to comply with applicable privacy standards through contractual agreements or comparable safeguards

• monitoring how they handle your information.

Storage and access

We store your personal information in Australia. However, your information may be accessed from or transferred to locations outside Australia when:

• our service providers, including customer support and helpdesk services, are located overseas

• we work with overseas business partners

• we use cloud-based services or data storage solutions.

The locations to which we are most likely to disclose personal information are the Philippines, Japan, New Zealand and the Pacific Islands.

Credit information

We may disclose credit information to individuals or entities that do not have an Australian link.

Your privacy rights and choices

Your rights include choosing what information you provide to us, accessing and correcting information we hold about you, and opting out of marketing communications.

Providing information

You can choose whether to provide personal information to us. If you prefer not to provide specific information, we can tell you whether the lack of that information restricts our ability to provide certain services.

Access to your information

You can request access to the personal information we hold about you. We respond to access requests within a reasonable time and charge reasonable administrative fees for providing access. If we cannot provide access, we explain why and explore alternative ways to share relevant information. Circumstances in which we need not provide access include when:

• we believe there is a threat to life or public safety

• there is an unreasonable impact on other individuals

• the disclosure would involve an unwarranted disclosure of the affairs of another person or a deceased person

• the request is frivolous

• the disclosure of the information would breach legal professional privilege

• the information would not be ordinarily accessible because of legal proceedings

• it would be unlawful

• it would be likely to harm the activities of an enforcement body

• it would harm the confidentiality of our commercial information or disclose a trade secret or be likely to unreasonably prejudice the commercial position of the person who supplied the information or who is the subject of the information.

Correction rights

You can ask us to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading. We take reasonable steps to correct your information promptly. If we cannot make the correction, we explain why and discuss alternatives. You can ask us to add a statement to your information noting your requested correction.

Marketing communications

You can opt out of receiving marketing communications at any time. Marketing communications include an unsubscribe option. You can change your marketing preferences by contacting us. We process your request as soon as practicable.

How to contact us

You can contact our privacy officer to access your information, correct inaccurate information, change your marketing preferences, or make a complaint about our privacy practices.

Provide your full name, contact details, a clear description of your request or complaint, and any relevant dates or reference numbers.

We do not charge you for making a request except for reasonable access fees when applicable.

Once you contact us we:

• verify your identity

• process your request

• help you understand and exercise your rights.

Additionally, in response to a complaint, we:

• investigate and determine appropriate action

• respond in writing within 30 days

• explain our planned action and keep you updated on progress.

If you are not satisfied with our response to a complaint, you can:

• request a review by our senior management

• contact the appropriate external body

Australian residents: Office of the Australian Information Commissioner 

(phone 1300 363 992, www.oaic.gov.au)

New Zealand residents: Office of the New Zealand Privacy Commissioner 

(phone 0800 803 909, www.privacy.org.nz)

Protecting your information

Our ISO 27001-certified information security management system implements organisational, people, physical and technical controls to protect your information from misuse, interference and loss, and prevent unauthorised access, modification or disclosure.

In the event of a data breach affecting personal information, we notify affected individuals and relevant authorities in compliance with applicable legislation.

Note that we cannot control or protect information you make publicly available. Information you share on public platforms can be accessed and used by others.

How long we keep your information

We securely destroy or de-identify your information once we no longer need it for the purposes for which we collected it and are not required by law to retain it.

Our policy toward children

Our services are not directed to, and we do not knowingly collect personal information from, persons under 18. If we become aware that a child under 18 has provided us with personal information, we delete the information as quickly as possible. A parent or guardian who becomes aware that their child has provided us with personal information without their consent can contact us to request deletion. 

Cookies and analytics

We use cookies, tracking pixels, and similar technologies on our website and in our emails to improve your experience and our services.

How we use these technologies

We use cookies — small text files stored on your device — to remember your preferences and login status, maintain your session security, and enable core website functions.

We use tracking pixels — small images embedded in web pages and emails — to measure how you interact with our content, including page views, navigation patterns and email engagement.

We use Google Analytics to understand how our website is used, including traffic patterns and user behaviour, to identify areas for improvement.

We use advertising tools like Meta Pixel to measure how our advertisements perform and to show you more relevant advertisements on Meta platforms such as Facebook and Instagram.

We use these technologies to personalise your experience, deliver more relevant content and tailor recommendations to your interests.

How you can manage these technologies

You can manage cookies by adjusting your browser settings to block or delete them, or by using our cookie preference settings. Note that blocking cookies may affect website functionality and your experience.

You can prevent tracking pixels in emails from loading by configuring your email client to block images.

You can opt out of Google’s advertising features through your Google account settings, browser add-ons or your device’s privacy settings. For more information on how Google uses your data and your available options, visit Google’s privacy pages.

You can manage whether we connect information from our website with your Meta account for advertising purposes by adjusting your settings within your Meta account preferences.

Artificial intelligence

We use artificial intelligence (AI) and machine learning technologies in our business operations and services, including AI tools provided by third parties. We use these technologies only when legally permitted and necessary for our business. We do not use automated systems to make decisions that have a legal or significant impact on individuals without appropriate human review.

How we use AI

We may use AI technologies to:

• conduct analysis and data processing

• improve and optimise our services and operations

• automate routine tasks and communications

• personalise your experience with our services

• support quality assurance processes.

Data protection and security

We do not include personal or sensitive information in prompts to AI tools. When we work with third-party AI providers, we use contractual requirements and other safeguards to ensure information is managed in compliance with relevant legislation.

Your rights and our commitments

Information about you generated or inferred by AI technology is treated as personal information, and you retain the rights outlined in this privacy policy. 

You can contact us if you have concerns about the way an automated process may affect you. We can provide further information about the nature of the process, and where appropriate, arrange for a member of our team to review or reassess the decision.

When using AI, we make the following commitments.

Transparency and control

• We inform you when AI is used to make decisions that may affect you significantly. 

• We maintain human oversight and review of significant AI-generated decisions.

• We train our staff to understand AI limitations and verify outputs before relying on them.

• We implement processes to verify the accuracy of AI-generated outputs.

Security

• We use appropriate technical and organisational measures to maintain the security and integrity of your personal information.

• We regularly test and monitor AI outputs for accuracy and reliability.

Risk mitigation

• We regularly assess and document risks associated with using AI to process personal information.

• We implement appropriate measures to address these risks.

• We continuously monitor AI performance and regularly review their impact.

Links to other websites

This privacy policy applies only to information we collect. Links from our website to third-party websites are for your convenience only and do not constitute sponsorship, endorsement or approval of those websites. We are not responsible for the privacy practices of other websites. We encourage you, when you leave our website, to read the privacy statement of each website that collects your personal information. 

Amendments

We update this policy by posting a revised version on our website. We recommend that you review our website to stay current with changes to this policy.

Document control

This document is a version of the Privacy and Credit Information Policy published on our website. It is intended for easy reference and distribution. The website version takes precedence in the event of a discrepancy.

Document history

The revision date is the date the document is approved for release.