TCX uses its website and applications to collect and collate PI about corporate or cafe app administrators (Distributors) and users (Customers). TCX has Distributor and Customer accounts which can be accessed via secure login on its website and applications.
How we collect PI
We collect PI when a Distributor account is created.
Account/Login Details (for TCX system usage):
- a. Company name
- b. Trading name
- c. Location (address, postcode, state, country)
- d. ABN
- e. User name
- f. Password (encrypted)
- g. Email address
- h. Time & date account was created
- i. Credit card details (for security deposit where required)
Personnel Details (for TCX contact):
- a. Contact first & last names
- b. Contact email address
- c. Phone number (optional for password recovery)
We collect PI when Customers create an account.
- a. First Name
- b. Last Name
- c. User name
- d. Password (encrypted)
- e. Email address
- f. Suburb, State, Postcode, Country
- g. Favourite beverage (size, drink type, milk type, sugar, extra shot, notes)
- h. Time & date account was created
How we collect System Usage Data
We collect System Usage Data when Customers and Distributors use the TCX system.
We collect scan usage records:
- a. Transaction type (In/Out/Exchange/Return)
- b. Time & date
- c. Distributor Id
- d. Customer Id
- e. Actual order (if applied)
How we use PI and System Usage Data
We use PI to enable:
- a. Distributors and Customers to interact with the TCX system
- b. TCX to provide effective Distributor and Customer Support
- c. Account management
We use System Usage Data to:
- a. Provide Customers with usage reporting relating to only their account
- b. Provide Distributors with usage reporting relating to only their account
We use Aggregated System Data where Customer Identification is anonymous (defined using a geographic boundary of Distributors) for:
- a. Reporting environmental benefits by region
- b. Marketing and promotion of TCX and the TCX system
How we manage PI
PI is stored on a secure server provided by Crazy Domains that is physically located in Australia. Communication between the Distributor accounts, Customer accounts and the server is encrypted in transit. Access to the secure server is restricted to authorised TCX personnel.
We do not combine PI with other data, modify it, or disclose it to third parties. When an account is closed, we delete its PI. Customers can update their contact PI details at any time via the website. Distributors are unable to access, download or store Customer PI.
Reporting Breaches of Privacy
We are committed to ensuring the privacy of all PI we collect. Certain compulsory obligations have been placed on organisations under the Privacy Act 1988 (Cth) to notify specific types of data breaches (Notifiable Data Breaches “NDB”) to individuals affected by the breach as well as to the
Office of the Australian Information Commissioner (OAIC). A NDB is one that is likely to result in serious harm to any individual to whom the information relates. TCX are committed to ensuring the protection of all PI and we will comply with the NDB obligations.
In the event of a PI data breach of either Distributor information or Customer information, TCX will notify the party(s) affected within 7 days of TCX becoming aware of the breach, and provide:
- a. Our identity and contact details;
- b. A description of the data breach;
- c. The kinds of information that is suspected of being obtained;
- d. Recommendations about the steps you should take to limit the impact of the breach; and
- e. Advice as to whether we have contacted the OAIC about the breach.
How to access your PI
You have a right to access your PI that we hold and ensure that it is correct. For information on how to access your PI at TCX please contact our privacy officer with your request:
The Cup eXchange
513-521 Victoria Street, West Melbourne VIC 3003
We will endeavour to respond to your request within three business days.
Response to Requests
If you are not satisfied with our response to your request for information you may wish to contact the Office of the Australian Information Commissioner:
Phone: 1300 363 992