We have prepared this Privacy Policy for people who use, may use or are applying to use our telecommunications services. This includes members of the public, people using or applying to use our services and existing Australia Internet Solutions (AINS) customers.

What personal information we collect

Generally, AINS collects personal information like name, address, date of birth, MyAccount username and password, gender, occupation, location, contact details, payment details, payment information (incl. credit card and account details where relevant), credit information, information about how and where you purchase and use our products, and information about comments that people make online. We may collect and use a government identifier issued to you (e.g. your drivers licence number) to verify your identity.

We also collect and generate additional personal information about you, your actual and possible interests and preferences, based on your activities with us (e.g. information related to SMSs, calls, internet browsing, your use of our websites and apps, location).

We may also obtain information about you from other people or entities such as an AINS re-seller, government, marketers, data brokers and other advertising-related organisations (Third Parties). For information about data that we obtain specifically for analytics and advertising, please consult our advertising department.

How we collect and hold personal information

We collect (and create) personal information in a few different ways, namely:

• We collect it straight from you, such as when you interact with us on social media, online, in-store or over the phone.
• We collect it from your device, such as when you use our apps, our website or our chat service.
• We collect it from your use of our network, such as when you browse the internet, make calls, or send texts that are routed through the AINS network.
• We collect it from Third Parties.
• We generate it in the course of our analytics work. For more information, please have a look at the Guide.

What we collect straight from you

More specifically, we collect personal information from you directly when you complete an application, pay a bill, fill in a competition form, make a complaint, give feedback or complete a survey. What we collect will usually be obvious.

Occasionally, you may give us sensitive information (e.g. health information). We don’t use this unless it is relevant to your account and you have given us your express consent.

What we collect from your device

When you access an AINS app, the AINS website, AINS chat functionality and when you call us using a number published on an AINS website, we collect information about you. This isn’t limited to your phone number, your device’s make and model – it also includes your location, what you explore/ watch/ download on our website/app and how long for, your IP address, order history and, a record of your comments to our agents. If you have a current email account with us, we also retain your emails if you don’t download them.

For more information about our use of cookies, please have a look at our Cookie Notice.

Sometimes when we collect information from your device the information collected could be used to infer sensitive information about you. We don’t use that information to collect or infer sensitive information about you unless we have your express consent. When we talk about sensitive information, we mean things like biometric information (e.g. a voiceprint), information about race or ethnicity, information about political views, health information, and criminal history.

What we collect from your use of our network

When you use your phone on our network, we collect and generate information about you. This isn’t limited to your device’s make and model- it also includes your location, the SMSs you are sending or receiving, the calls you are making or receiving, your IP address and information about what you are looking at and doing online. We will use your browsing history and patterns to derive insights about you as part of our analytics activities.

What we collect from others

Other people or entities might give us personal information about you, such as when you use a phone provided under someone else’s account (e.g. an employer or a parent) or when you use a service provided by an AINS re-seller.

We may also collect personal information from other companies that are able to disclose it to us, if it’s not practical to collect it from you. For example,

• We obtain personal information from trusted data brokers, marketers and other analytics and advertising-related organisations to help us identify people who might be interested in hearing about our products, or to target our ads better.
• We also obtain data gathered through cookies, cookie-like technologies and internet-scraping tools (e.g. from a public Facebook page, a blog or a Twitter feed). We do this to provide responses to you when you raise online queries or concerns, as well as to understand what people generally think about AINS and are saying about AINS. We also use them to track how effective our advertisements have been and what generates calls or other contacts to AINS.

If you are not a Customer of AINS, we may hold the information collected from others until you visit our webpage or contact us. If possible, we combine information arising from your contact with information we already hold in order to better serve you. For more information, have a look at the Guide.

We verify your identity using government services and obtain information from them. We may also access information in government databases if we are allowed to do so.

Security

We have security measures in place to protect your personal information.

Some of the security measures we use include:

• Account IDs, passwords and personal information about you that can be used to confirm your identity when you contact us or log into our systems.
• Firewalls and access logging tools that protect against unauthorised access to your data and our network.
• Secure work environments and workflow systems that prevent unauthorised access and copying of your personal information.
• Secure server and closed network environments.
• Encryption of data in transit.
• Virus scanning tools.
• Management of access privileges, to ensure that only those who really need it can see your personal information.
• Ongoing training and security reviews.

We consider that these measures are robust now, but security risks do change. Given this, we will continue to review security measures to protect your personal information.

Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information for a variety of business purposes, including:

• Providing the service or product that you have requested,
• Keeping you as a customer,
• Selling other AINS services or products to you,
• Enticing people to become customers, and
• Handling complaints or dealing with concerns, and
• Providing aggregated or masked personal information to other companies so that they can create audiences that can be marketed to advertisers

We also do so to improve our network and service offerings, develop and evaluate products and services, determine the success of our advertising, improve our business processes, understand what people are saying about AINS, receive technical support, personalise our services and marketing, and comply with our legal obligations.

We only use and disclose SMS content, email content and call content to provide the service to you, and to comply with law enforcement requests. We do not use SMS content, email content or call content in our analytics.

We may share your personal information within the wider AINS Group and with our service providers for the purposes outlined above. In limited situations, we work with third parties and provide limited data to assist them to provide services. For example, we share information with a third party to help fight bank fraud including information about your location and whether the SIM in your phone has recently been changed. The service lets your bank verify whether your mobile phone is near the place of your recent financial transactions and/or to check whether or not your mobile’s SIM has recently been swapped. Where we do share information with third parties, we require that there are contracts in place that only allow use and disclosure of personal information to provide the service and that protect your personal information in accordance with the Privacy Act 1988.

Otherwise, we will disclose personal information to others if you’ve given us permission, or if the disclosure relates to the main reason we collected the information and you’d reasonably expect us to do so. This may include situations where you ask us to replace or repair your device.

For more information about our analytics and advertising practices, please consult the Guide.

Services and products provided by others

We may choose to engage other people or businesses to provide services or products on our behalf. For instance:

• We may need to disclose information about you to our contractors or suppliers to enable delivery, provision, or installation of your device or service.
• If you lease a product from us, we may need to provide other companies with the personal information that they need to administer the lease.
• We provide access to your personal information to our outsourced contact centres (both calls and chat), sales agents, network support and technical support.

Most of our systems, including our network, are supported by off-shore service providers. They would have access to personal information about you only for the purpose of delivering necessary services to you or providing AINS business services.

In situations where your device needs to be repaired or is being replaced, we may send it to a repair/ assessment centre administered by someone else or to another Third Party (including the device manufacturer). Always make sure that you wipe all personal information from your device by performing a factory re-set before providing it to us- the device may be on-sold (including overseas) or the data on it may be accessible to repairers or manufacturers.

You should make sure that you review and agree to the privacy policy of your device manufacturer, as the terms of that policy will apply to any personal information shared with them or contained on the device sent to them. Your device manufacturer may send your device overseas or allow access to your personal information from overseas, depending on the terms of their privacy policy.

Complying with legal obligations

We give access to personal information where we are permitted or obliged to do so by Australian law. There are three main laws that we rely on to disclose personal information:

• The Privacy Act, which contains certain exceptions that sometimes allow us to disclose personal information outside of the reasons outlined above including for the purpose of investigating serious wrongdoing and as required by law.
• The Telecommunications Act 1997, which includes requirements that we provide information to emergency services and the IPND database, and allows us to provide information for directory listings and to retain data to run our network.
• The Telecommunications (Interception and Access) Act 1979, which requires that we enable interception and access capability for law enforcement and store for at least two years and, when requested, provide specified information and metadata associated with your service/s, their use and location to certain government agencies and law enforcement.

We may also receive requests under statute for meta-data relating to your service and use of your service, warrants or subpoenas for personal information, which we must comply with.

Opting out of advertising and analytics

We give people the choice of opting out of some of AINS’ analytics and advertising activities.

If you were presented with a marketing opt-in, we will not send you marketing emails or SMSs unless you opted in. Otherwise, we will market to you until you opt-out, including if you are no longer a customer of AINS. In that regard:

• All marketing related emails and SMSs that we direct to you contain an unsubscribe or opt out functionality.
• You can manage your marketing preferences by contacting us directly on 1300887877
• If you don’t want ‘push notifications’, disable them in the relevant app or in your device’s setting.

However, this won’t necessarily stop the collection of personal information about you by us or by Third Parties, and, if you’re online, information is probably being captured about you. You may like to consider:

• Clearing cookies from your browser in your browser settings. You can also use the do not track function on your browser, noting that not all websites respect it.
• Resetting your mobile device advertising identifier, using the settings in your device.
• Setting up privacy settings on your social media pages to make them ‘private’ to block screen scrapers and/or prevent the sharing of your data. Note that clicking social media links (e.g. ‘Like’) adds to the profile that the social media company has about you and any blogs that you write or comments that you make in online forums are also likely to be captured.
• Opting out of Google’s advertising activities, of the activities of members of the Network Advertising Initiative, and of the activities of members of Digital Advertising Alliance. This list is not exhaustive.

There are some types of marketing we can’t control on an individual basis, like general letterbox drops or online ads that are not targeted specifically to you. Your opt-outs won’t affect these.

Credit Related Information

AINS collects and uses personal information to verify your identity and assess your credit situation when you apply for some products. For example, we generally do a credit assessment before you take a product with a monthly billing account.

We might ask you for information about yourself and things like your employment details and credit history, and then seek a credit report from a credit reporting body.

We’ll always tell you before we seek a credit report, and we won’t get one if you’re under 18.

The credit information that we may collect from credit reporting bodies may include information like your employment history; previous credit checks; whether you’ve opened or closed any accounts (e.g. bank accounts, accounts with telecommunications providers, accounts with utilities); increases or decreases in the amount of credit that you have received (e.g. changes to credit card limits, changes to service plans); information about any defaults that you’ve had and whether those issues were resolved. AINS uses this information to assess whether we are entering into an arrangement that is sensible for both you and us. We may also provide these types of information to the credit reporting bureau with whom we work (details below).

We might also use and disclose this information and/or information about your payment patterns with AINS to perform internal evaluations, manage your service, manage your debt to us, and evaluate new or existing credit-related products or services. We do not exchange repayment history information with credit reporting bodies, though.

After you become a customer, we store the crucial bits of information from the credit report and our own credit assessment. We may continue to use this information, or add to it using your history with AINS, to manage credit and future credit applications, and to make sure we’re offering and providing the right services to you.

AINS doesn’t use credit related information to generate marketing lists. Sometimes, we might ask a credit reporting body to do that for us. You can ask the credit reporting body not to use your information for these purposes by getting in touch with them directly.

In some circumstances, we may need to refer or sell overdue debts to debt collectors or other companies. If we do this, we’ll give them secure access to the personal information they need to handle the debt. We may also update credit reporting bodies about some types of payment defaults, although we’ll always tell you before we do this. We’ll also always update them once payment has been made.

AINS works with customer service partners inside and outside Australia on credit related matters. Where necessary, we give our partners access to the credit information they need to help manage credit and your services.

You can get access to credit related information we hold about you, ask us to correct it, or make a complaint, as described elsewhere in this policy. If we agree that our records need to be corrected, and we’ve previously disclosed that information to a credit reporting agency or other person, we’ll tell them about the correction too.

You can ask the credit reporting bodies not to use or disclose the information in their files if you think you have been or are likely to become a victim of fraud.

You can find out more about the credit reporting bodies AINS works with at www.equifax.com.au and www.dnb.com.au. Their websites give their contact details and their policies about the management of your personal information.

How you can access and seek correction of personal information

If you ask us, we will usually give you access to the personal information we hold about you. It will really help if you tell us what you’re looking for, and be aware that a lot of information is available in MyAccount.

Before we give you access, though, we need to identify you, just as we do when you want access to your account. If you don’t have an account with us, only a service, we probably won’t be able to identify you sufficiently to grant you access. The account holder should always be able to request access, though.

There is generally no cost for accessing the personal information we hold about you, unless the request is complex or resource-intensive. If there is a charge, it will be reasonable and we will let you know what it is going to be so that you can agree to it before we go ahead.

We aim to keep the personal information we hold about you accurate, up-to-date and complete.

If you think our records need to be corrected or if you want access to the personal information that we hold about you, please call us on 1300887877 or chat with one of our agents:

Making a privacy complaint

If you have any questions or concerns about this policy or our practices, or wish to make a complaint, you can get in touch with us by:

• Calling 1300887877
• Sending a letter to AINS, World Trade Centre Tower 4 Level 11 18-38 Siddeley Street Docklands VIC 3008

You can find out more about our complaint process and complaint handling policy at https://ains.com.aucontact . If you make a complaint about privacy, we will acknowledge receipt of your complaint, and try to investigate and respond to you within 30 days. If you are unhappy with the outcome, you can lodge a complaint with the Telecommunications Industry Ombudsman or the Office of the Australian Information Commissioner.

Disclosure of personal information overseas

AINS and some Third Parties and service providers that we refer to in this policy are located overseas. They are generally involved in providing services like data storage, data analysis, targeted advertising and reporting, customer support, and technical/ network support. They may also develop products that we then sell or provide to you, often under license.

We ensure that, if we share personal information with parties located overseas (whether by disclosing it to them or merely by allowing them to access it), they are subject to strict controls that limit access to, and use and disclosure of your information. For instance, we contractually require that they only use and disclose what is strictly necessary to perform the relevant function and require that they protect your information from unauthorised use and disclosure. We require that they handle your personal information in accordance with the Privacy Act 1988.

The countries and regions in which these companies and Third Parties and service providers are located include Singapore, India, Philippines, USA, Canada, the European Union (including the UK), the Mexico, Malaysia, Japan, Israel and New Zealand.

Version Control

This policy was released on 25 January 2019.