Privacy Policy


This Privacy Policy describes how we at The Cup eXchange (TCX) collect, use, and manage Personal Information (PI) that is collected and stored using The Cup eXchange system, accessed via The Cup eXchange website and associated applications.


TCX uses its website and applications to collect and collate PI about corporate or cafe app administrators (Distributors) and users (Customers). TCX has Distributor and Customer accounts which can be accessed via secure login on its website and applications.

How we collect PI

We collect PI when a Distributor account is created.
We collect:
Account/Login Details (for TCX system usage):

  • a. Company name
  • b. Trading name
  • c. Location (address, postcode, state, country)
  • d. ABN
  • e. User name
  • f. Password (encrypted)
  • g. Email address
  • h. Time & date account was created
  • i. Credit card details (for security deposit where required)

Personnel Details (for TCX contact):

  • a. Contact first & last names
  • b. Contact email address
  • c. Phone number (optional for password recovery)

We collect PI when Customers create an account.
We collect:

  • a. First Name
  • b. Last Name
  • c. User name
  • d. Password (encrypted)
  • e. Email address
  • f. Suburb, State, Postcode, Country
  • g. Favourite beverage (size, drink type, milk type, sugar, extra shot, notes)
  • h. Time & date account was created

All credit card information for Customers is collected through a third party provider (eWay Australia). Customers are advised to read the Privacy Policy of any third party providers.

How we collect System Usage Data

We collect System Usage Data when Customers and Distributors use the TCX system.

We collect scan usage records:

  • a. Transaction type (In/Out/Exchange/Return)
  • b. Time & date
  • c. Distributor Id
  • d. Customer Id
  • e. Actual order (if applied)

How we use PI and System Usage Data

We use PI to enable:

  • a. Distributors and Customers to interact with the TCX system
  • b. TCX to provide effective Distributor and Customer Support
  • c. Account management

We use System Usage Data to:

  • a. Provide Customers with usage reporting relating to only their account
  • b. Provide Distributors with usage reporting relating to only their account

We use Aggregated System Data where Customer Identification is anonymous (defined using a geographic boundary of Distributors) for:

  • a. Reporting environmental benefits by region
  • b. Marketing and promotion of TCX and the TCX system

How we manage PI

PI is stored on a secure server provided by Crazy Domains that is physically located in Australia. Communication between the Distributor accounts, Customer accounts and the server is encrypted in transit. Access to the secure server is restricted to authorised TCX personnel.

We do not combine PI with other data, modify it, or disclose it to third parties. When an account is closed, we delete its PI. Customers can update their contact PI details at any time via the website. Distributors are unable to access, download or store Customer PI.

Reporting Breaches of Privacy

We are committed to ensuring the privacy of all PI we collect. Certain compulsory obligations have been placed on organisations under the Privacy Act 1988 (Cth) to notify specific types of data breaches (Notifiable Data Breaches, “NDB”) to individuals affected by the breach as well as to the Office of the Australian Information Commissioner (OAIC). An NDB is one that is likely to result in serious harm to any individual to whom the information relates. TCX is committed to ensuring the protection of all PI and we will comply with the NDB obligations.

In the event of a PI data breach of either Distributor information or Customer information, TCX will notify the party(s) affected within 7 days of TCX becoming aware of the breach, and provide:

  • a. Our identity and contact details;
  • b. A description of the data breach;
  • c. The kinds of information that are suspected of being obtained;
  • d. Recommendations about the steps you should take to limit the impact of the breach; and
  • e. Advice as to whether we have contacted the OAIC about the breach.

How to access your PI

You have a right to access your PI that we hold and ensure that it is correct. For information on how to access your PI at TCX, please contact our privacy officer with your request:

Privacy Officer
The Cup eXchange
513-521 Victoria Street, West Melbourne VIC 3003
Email: privacy@tcx.org

We will endeavour to respond to your request within three business days.

Changes to our Privacy Policy

Our Privacy Policy complies with the Privacy Act 1988 (Cth). We may amend this Privacy Policy to reflect changes in legislation or our business. If we amend this policy, we will post the change on our website.

Response to Requests

If you are not satisfied with our response to your request for information, you may wish to contact the Office of the Australian Information Commissioner:

Phone: 1300 363 992
Email: enquiries@oaic.gov.au

This Privacy Policy was last updated on: 06/09/2019