Updated March 2016
We are committed to protecting your privacy, in accordance with applicable Australian privacy laws including the Australian Privacy Principles and credit reporting provisions in the Privacy Act 1988 (Cth).
This Policy explains how we collect, use, disclose and otherwise handle personal information, including credit-related personal information. Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable (for example, your name, email address and phone number).
1. What we collect
The type of personal information that we collect about you depends on the type of dealings you have with us. For example, if you:
- are a commercial customer, we collect details such as your name, job title, address, telephone number, email address, credit-related information about you (see under heading 5), payment details and transaction related information (such as your purchasing and payment history with us). We may also collect your driver's licence number if you pay by cheque, for identification purposes
- are a supplier, we collect details such as your name, job title, address, telephone number, email address, payment details and transaction related information (such as items we have purchased from you)
- register to attend a trade show, we will collect your name, job title, email address, phone number, whether you are an exhibitor or a delegate and, if you are a delegate, details about your business (such as whether you have an L&H account)
- enter one of our competitions, we will collect your name, contact details and any other information you provide when submitting your entry
- send us an enquiry or provide us with feedback, we may collect your name, contact details, details of your enquiry or feedback and information about our response
- apply for a job with us, we will collect the information you include in your job application, including your cover letter, resume, contact details and referee reports
1.1 Sensitive information
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection, such as health information. We only collect sensitive information where it is reasonably necessary for our functions or activities and either the individual has consented, or we are required or authorised by or under law (including applicable privacy legislation) to do so.
1.2 Collection of information other than personal information through our website
When you visit our website, some of the information that is collected about your visit is not personal information, as it does not reveal your identity.
Site visit information
For example, we record your server address, the date and time of your visit, the pages you visited, any documents you downloaded, the previous site you visited and the type of device, browser and operating system you used.
We use and disclose this information in anonymous, aggregated form only, for purposes including statistical analysis and to assist us to improve the functionality and usability of our website. You are not individually identified, however we reserve the right to use or disclose this information to try to locate an individual where we reasonably believe that the individual may have engaged in any unlawful or inappropriate activity in connection with our website, or where we are otherwise required or authorised by law to do so.
A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use do not identify individual users, although they do identify the user's internet browser.
Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website.
2. How we collect personal information
We collect personal information in a number of ways, including:
- when you provide information in person (for example, in our stores and at industry trade shows)
- through our website (for example if you use our NOW Online platform or complete the "email us" form)
- over the telephone
- through written correspondence (such as letters, faxes and emails)
- on hard copy forms (for example, competition entry forms and surveys)
- through surveillance cameras at our stores and corporate premises
- from third parties, including credit reporting bodies and other credit providers (see under heading 5)
2.1 Collection notices
Where we collect personal information about you, we will take reasonable steps to provide you with certain details about that collection (such as why we are collecting the information and who we may share it with). We will generally include this information in a collection notice.
3. Why we collect personal information
The main purposes for which we collect, hold, use and disclose personal information are set out below.
- processing transactions for products and services (both in-store and online) and delivering products and services to customers
- establishing and operating credit accounts for our customers, conducting credit checks (see under heading 5) and collecting overdue payments
- establishing and operating online accounts for our customers
- operating incentive programs
- promoting ourselves and our products and services, including through direct marketing, events and competitions (see under the heading "Direct marketing" below)
- sourcing products and services for our business
- performing research and statistical analysis, including for customer satisfaction and product and service improvement purposes
- protecting the security of our offices, stores, staff, customers, suppliers and merchandise (including theft and fraud prevention)
- answering queries and resolving complaints
- recruiting staff and contractors
We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection; which are permitted by law; or for which you have provided your consent.
We may contact you directly to let you know about us and our products and services (including special offers, promotions, events and changes to our products and services), either where we have your express or implied consent, or where we are otherwise permitted by law to do so. We may contact in a variety of ways, including by attending at your street address, or by mail, email, SMS,
When you provide your personal information to us, L&H Group is required give you the choice as to whether or not you wish to receive further information about special offers, promotions, and changes to our products and services. If you indicate that you do not wish to receive these, we will not contact you further for these purposes. Please allow 28 days for your request to be processed.
If you receive promotional information about L&H Group and do not wish to receive this information any longer, you may remove your name from our list either by contacting our marketing department on 03 9243 3555 or faxing your request to 03 9243 3575 and asking to be removed from our mailing list. Please allow 28 days for this request to be processed.
If you receive marketing material by email, you can request to not receive further email marketing material by clicking on the unsubscribe button in the email you have received.
Where you have consented to receiving marketing communications from us, your consent will remain current until you advise us otherwise. However, you can opt out at any time, by:
- contacting us (details under heading 10 below)
- advising us if you receive a marketing call that you no longer wish to receive these calls
- using the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMSes)
4. Who we may share your personal information with
We may share your personal information with third parties where appropriate for the purposes set out under heading 3, including:
- financial institutions for payment processing
- credit reporting bodies and other credit providers (see under heading 5)
- regulatory, investigative or government bodies where required or authorised by law
- referees whose details are provided to us by job applicants
- our contracted service providers, including:
- freight and delivery providers
- information technology and data storage providers
- function and event organisers
- marketing and communications agencies
- research and statistical analysis providers
- debt collectors
- call centres
- hard copy and electronic mail houses
- external business advisers (such as recruitment advisors, accountants, auditors and lawyers)
In each case, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
5. Credit-related personal information
We may provide credit within the meaning of the Privacy Act to our customers in connection with the supply of our products and services (for example, if we bill your after supplying products or services to your business). If we share credit-related personal information about you with credit reporting bodies (CRBs) or other participants in the credit reporting system (including other credit providers), we are required to comply with the credit reporting provisions in Part IIIA of the Privacy Act and the Credit Reporting Privacy Code (CR Code).
5.2 Why we collect credit-related personal information
We collect, hold, use and disclose credit-related personal information for the purposes permitted by the Privacy Act and the CR Code, including:
- to assess your application for credit and verify your identity
- if you are a director of a corporate customer:
- to assess whether to accept you as a guarantor of the corporate customer's obligations under a credit facility provided by L&H
- to collect payments that are overdue in relation to commercial credit provided to the corporate customer
- to derive assessments, evaluations, scores, ratings and summaries relating to your credit worthiness
- to manage your account, including collecting payments and assisting you to avoid defaulting on your credit obligations
- to undertake debt recovery and enforcement activities
- to participate in the credit reporting system (including by providing credit-related personal information to CRBs and other credit providers)
- for other purposes required or authorised by law
5.3 The credit-related personal information we collect
The credit-related personal information that we may collect and hold includes:
- your current and prior names, addresses and employers, gender, date of birth and driver's licence number
- the fact that you have applied for credit with us or other credit providers and the type and amount of credit sought
- the fact that you have agreed to guarantee the obligations of another under a credit facility offered by us
- the day that credit is entered into with us or other credit providers, the terms or conditions of that credit and the maximum amount of credit available
- the day on which credit provided to your business is terminated or otherwise ceases
- credit payments of $100 or more owed to us or another credit provider that are overdue for more than 60 days that you have been notified of (and whether you have subsequently repaid the overdue amount)
- whether you have committed a serious credit infringement
- whether you have entered into an arrangement with us or another a credit provider in connection with credit provided to your business
- credit-related court proceedings and personal insolvency information
- publicly available credit-related information
- a credit rating or score that is calculated by a CRB (or by us using information from a CRB) and that has a bearing on your credit-worthiness
- administrative information relating to credit provided by us
5.4 How we collect and hold credit-related personal information
We collect credit-related personal information from you (directly or through the operation of your account with us), from CRBs and other credit providers and from other third parties where this is permitted under Part IIIA of the Privacy Act. We may also generate the information ourselves, through our own analyses.
The information will be held by us on our customer database, in physical and/or electronic form located in Australia.
5.5 Who we disclose credit-related personal information to
We may disclose credit-related personal information to third parties for the purposes outlined above, including to:
- CRBs and other credit providers
- our related bodies corporate
- third parties that manage credit applications for us
- debt collectors and credit management agencies
- third parties in connection with the potential assignment of debts, security for credit or purchase of an interest in L&H
- other third parties where required or authorised by law
CRBs may include the information we provide them in reports provided to other credit providers, to assist them in assessing your credit-worthiness.
5.6 The CRBs we use
Mail: Customer Relations, Veda Advantage, PO Box 964, North Sydney, NSW, 2059
Phone: 1300 850 211
Dun & Bradstreet Australia
Mail: Public Access Centre, Dun & Bradstreet Australia, PO Box 7405, St Kilda Rd VIC 3004
Phone: 1300 734 806
Experian Australia Credit Services Pty Ltd
Mail: Privacy Manager, Experian Australia, PO Box 1969, North Sydney, NSW, 2060
Phone: 1300 783 684
5.7 Your rights in relation to CRBs
(a) Pre-screening for direct marketing
Credit providers can ask CRBs to use your credit reporting information to "pre-screen" marketing lists for the credit provider. You can tell CRBs not to use your credit reporting information for this purpose by contacting them (details above).
(b) Victims of fraud
If you think you have been, or are likely to be, a victim of fraud (including identity fraud), you can contact the CRB (details above) and ask them to put a ban on using or disclosing your credit reporting information.
5.8 Access and correction of credit eligibility information
You have the right to access and correct the credit-related personal information that we hold about you. If you wish to make an access or correction request, please refer to heading 8.
5.9 Complaints about credit-related personal information
If you have a complaint about our handling of credit-related personal information, please refer to heading 9.
6. Cross border disclosure of personal information
We may disclose personal information to third parties located overseas in the following situations:
- Hong Kong
In each case, we will comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information.
7. Data quality and security
We hold personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in drawers and cabinets. Paper files may also be archived in boxes and stored offsite in secure facilities. We take reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
- protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
- destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs.
You can help us keep your information up to date, by letting us know about any changes to your details, such as your address, email address or phone number.
The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our corporate premises, policies on document storage and security, personnel security (including restricting access to personal information on our systems to staff who need that access to carry out their duties), staff training and workplace policies.
Online credit card payment security
We process payments using EFTPOS and online technologies. All transactions processed by us meet industry security standards to ensure payment details are protected.
While we strive to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us by telephone or post (details under heading 10 below).
If you are a registered user of our NOW Online platform, you can also help to protect the privacy of your personal information by maintaining the confidentiality of your userID and password, and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.
8. Access and Correction
Please contact us (details under heading 10 below) if you would like to access or correct the personal information that we hold about you (including credit-reporting personal information).
We will generally provide you with access to your personal information, subject to some exceptions permitted by law. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you. If we do not agree to your access or correction request, or if we do not agree to give you access in the manner you requested, we will provide you with a written notice explaining why.
If you have a complaint about how we have collected or handled your personal information, please contact us (details under heading 10 below). Our complaints process will depend on whether your complaint relates to the APPs or to credit-related personal information, as explained below.
9.2 Complaints process - APPs
We will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week. If your complaint can't be resolved at the first instance, we will ask you to submit your complaint in writing.
We will endeavour to acknowledge receipt of your written complaint within 5 business days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the relevant facts, locating and reviewing relevant documents and speaking to relevant individuals.
In most cases, we expect that complaints will be investigated and a response provided within 30 days of receipt of your written complaint. If the matter is more complex and our investigation may take longer, we will write and let you know, and tell you when we expect to provide our response.
9.3 Complaints process – credit-related personal information
We will provide you with a written notice acknowledging your complaint and explaining how we will deal with it within 7 days after the complaint is made. We will then investigate the complaint, consult any CRB or other credit providers if we consider it necessary and provide you with a written notice of our decision within 30 days (or longer if you agree).
9.4 If you are not satisfied with our response
If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner (see here for further information).
10. Our contact details
Please contact us if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details are set out below.
Mail: Privacy Officer, L&H Group, 456 Lower Heidelberg Road, Heidelberg, Victoria, 3084
Telephone: 03 9243 3555
11. Changes to this Policy