top of page

Privacy Policy

CRYSTAL LOGIC AUSTRALIA-WIDE POLICY

​

Purpose

​

We are committed to protecting privacy and confidentiality in accordance with the Australian Privacy Principles (‘APPs’), Credit Reporting Privacy Code and Privacy Act 1988 (Cth) (‘Privacy Act’), and it is one of our prime responsibilities, that any personal or sensitive information provided to us is not used for any other purpose than that of which is intended and expected. This Privacy Policy describes our current policies and practices for collecting, handling, using and disclosing personal information. It also deals with how to complain about a breach of the privacy laws, how individuals can access the personal information we hold about them and how to have that information corrected.

​

Scope

​

This Privacy Policy applies to Crystal Logic (ABN 44560683394), who is bound by the Australian Privacy Principles, Credit Reporting Privacy Code and Privacy Act 1988 (Cth) and will protect the personal information of individuals in accordance with the above.

​

What is personal information?

​

Personal information includes any information or opinion about an identified individual or an individual who can be reasonably identified from their information. The information or opinion will still be personal information whether it is true or not and regardless of whether Crystal Logic have kept a record of it.

​

We may collect personal information about the following individuals:

​

• Clients including but not limited to Natural persons, Sole traders, Partnerships, Companies, Trusts, Trustees, Self-Managed Superannuation Funds, and Companies;

• Prospective clients;

• Service providers or suppliers;

• Prospective employees, employees and contractors; and

• Other third parties with whom we come into contact.

​

The above listed are referred to as ‘individuals’ in this policy.

​

By providing personal information to us, an individual consents to our collection, use and disclosure of their personal information in accordance with this Privacy Policy and any other arrangements that apply between us.

​

The information that Crystal Logic seeks to collect will depend on the products or services that it recommends or provides. If an individual does not allow Crystal Logic to collect all of the information requested, Crystal Logic may not be able to deliver all of those services effectively.

​

Whereby Crystal Logic receives unsolicited personal information about individuals, if possible, Crystal Logic will return the unsolicited personal information to the person who provided it. In all other cases, we destroy the information, unless the personal information is relevant to Crystal Logic’s purposes for collecting personal information.

​

What kind of personal information does Crystal Logic collect and hold?

​

Crystal Logic will not collect any personal information except when the individual has knowingly provided that information to us or authorised a third party to provide that information to us.

​

Crystal Logic may ask for various kinds of personal information to the extent this information is necessary for us to carry out the activities involved in providing you with products, services and information. The kinds of personal information include, but is not limited to:

​

• Identification information, including but not limited to, name, address, contact details (including phone number, email address and other digital addresses and accounts, date of birth, tax file number, as well as information to verify an individual’s identify such as driver’s licence, birth certificate, or passport details;

• Financial information, including but not limited to, an individual’s assets, liabilities, income, expenses, bank and direct debit details, superannuation and insurance details, and other financial details;

• Employment information, including but not limited to, ABN/ACN, occupation, salary, hours of work, employment history dates records;

• Screening checks (including but not limited to police, working with children, bankruptcy), reference checks, and other associated insights;

• Transactional information of an individual’s dealings with us, including in relation to our products and services, making a record of queries or complaints an individual makes and, if they make an insurance claim, collecting additional information to assess the claim;

• Insights, responses to surveys such as experiences and information about your activities, interest, and attitudes/views or other feedback expressed;

• An individual’s device information such as device ID, geo-location, computer and connection information, statistics on page views, traffic to and from our websites, advertisement data, IP address and standard web log information; and

• Any other personal information that may be required in order to facilitate an individual’s dealings with us.

​

We will not use identifiers assigned by the Government, such as a tax file number, Medicare number or provider number, for our own file recording purposes.

​

The collection of sensitive information is restricted by the Privacy Act. This includes information about religion, racial or ethnic origin, political opinions, criminal record, and sexual orientation. It also includes health information and biometric information. Generally, Crystal Logic only collects this sort of information if it is necessary to provide a specific product or service and the individual has consented to that collection. For example, we may collect health information about the individual to process a claim under an insurance policy or collect voice biometric information to verify identity or authorise transactions.

​

What if an individual chooses not to provide some information?

​

Crystal Logic may be unable to provide its services if it does not have all the relevant information it requires to deliver such services.

​

For what purposes does Crystal Logic collect, hold, use and disclose personal information?

​

Crystal Logic collects, uses, holds and discloses personal information to facilitate the provision of its service offerings, interactions with individuals, and otherwise as required in the running of Crystal Logic’s business. This includes, but is not limited to:

​

• Checking whether an individual is eligible for the product or service;

• Assisting where online applications are not completed;

• Providing the product or service;

• Helping to manage or improve the product or service;

• Complying with relevant laws, regulations and other legal obligations;

• Preventing fraud, crime or other activity that may cause harm in relation to its products or services;

• Assessing your prospective and ongoing suitability for employment or working arrangements with Crystal Logic, including conducting screening (including but not limited to police, working with children, bankruptcy) checks, reference checks, and other associated insights;

• Conducting testing, surveys, research, insights and analytics (including through our third-party service providers);

• Understanding and meeting your needs, including tailoring the content of our websites, emails, apps and social platforms to your preferences;

• Conducting marketing activities in relation to our business, products, and service; and

• As otherwise required in the running of Crystal Logic’s business.

​

What service offerings does Crystal Logic provide?

​

Crystal Logic understands the importance of a holistic service offering, whereby its clients can see their goals, needs and expectations being met. This approach encompasses providing products and services in relation to:

​

• Data Manipulation

• Data Analysis

• Business Reporting

• Business Advisory

• Process Automation

• Corporate Finance

• Audit and Assurance

​

How does Crystal Logic collect personal information?

​

Crystal Logic collects most of the personal information directly from the individual. This can be done electronically. (see section "Does Crystal Logic collect personal information electronically?" of this policy for more information).

​

Crystal Logic also collects personal information about an individual from other areas of its business including sharing information amongst its subsidiaries and related parties or from third party organisations. This may happen without the individual’s direct involvement. For instance, Crystal Logic will collect personal information about an individual from:

​

• Publicly available sources of information;

• The individual’s external representatives (including legal adviser, mortgage broker, executor, administrator, guardian, trustee, or attorney);

• the individual’s other Crystal Logic representatives (including Accountant, mortgage broker, general insurance broker, business advisory adviser);

• The individual’s employer;

• Other organisations, who jointly with Crystal Logic, provide products or services to the individual;

• Commercial information service providers, such as companies that provide fraud prevention reports;

• Insurers, re-insurers and health care providers;

• Third party information aggregators, and insight and analytics providers; and

• Third parties providing screening (including but not limited to police, working with children, bankruptcy) checks, references, insights and other employment information in relation to prospective employees, employees, and consultants.

​

What laws require or authorise Crystal Logic to collect personal information?

​

Crystal Logic is required or authorised to collect:

​

• Certain identification information about an individual by the Anti-Money Laundering and Counterterrorism Financing Act 2006 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1);

• An individual’s Tax File Number, if they choose to provide it, by the Income Tax Assessment Act 1936 (Cth);

• Certain information in relation to the individual’s application if they have applied for an insurance as required by the Insurance Contracts Act 1984 (Cth).

​

How does Crystal Logic hold personal information?

​

Crystal Logic strives to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. Much of the information Crystal Logic holds about an individual will be stored electronically in secure data centres, which are located in Australia, and owned by either Crystal Logic or external service providers. This does not include third parties backing up or mirroring their data in overseas jurisdictions. Some information Crystal Logic holds about an individual will be stored in paper files and these files will be held in secure offsite storage.

​

Crystal Logic use a range of physical and electronic security measures to protect the security of the personal information they hold. For example:

​

• Access to information systems is controlled through identity and access management;

• Employees are bound by policies and procedures that require them to handle information in a secure manner.

• All employees are required to complete training about information security; and

• Regular monitoring and review their compliance with internal policies and industry best practice.

​

Crystal Logic takes reasonable steps to manage data destruction either physical or digital. These extend to our third parties who manage and hold our data.

​

Who does Crystal Logic disclose personal information to, and why?

​

Crystal Logic may provide personal information about individuals to external organisations. To protect personal information, Crystal Logic enter into contracts with their service providers that require them to handle personal information in a secure manner. These contracts oblige them to only use the personal information Crystal Logic disclose to them for the specific role they ask them to perform.

​

Generally, Crystal Logic disclose personal information to organisations that help them with their business. These may include:

​

• Crystal Logic personnel, and related bodies corporate;

• Crystal Logic agents, contractors, third party suppliers, and external service providers (for example, mailing houses, technology service providers, analytics and insight providers);

• Insurers, re-insurers and health care providers;

• Payment systems operators (for example, merchants receiving card payments);

• Other organisations, who jointly with Crystal Logic, provide products or services to the individual;

• Financial services organisations, including banks, superannuation funds, stockbrokers, custodians, fund managers and portfolio service providers;

• Debt collectors;

• Crystal Logic professional advisers, dealers, and agents;

• An individual’s representatives (including their legal adviser, accountant, mortgage broker, executor, administrator, guardian, trustee, or attorney), or any other third parties authorised by an individual to receive personal information;

• Fraud bureaus or other organisations to identify, investigate or prevent fraud or other misconduct;

• HR advisors, including third parties used to provide candidate and employee screening checks, references, and insights;

• External dispute resolution schemes;

• Regulatory bodies, government agencies and law enforcement bodies in any jurisdiction;

• Social media and digital platforms; and

• Other companies in the event (including in initial discussions) of a corporate sale, merger, transfer, reorganisation, dissolution or similar event.

​

We may also disclose an individual’s personal information to others where:

​

• Crystal Logic are required or authorised by law or where they have a public duty to do so;

• The individual may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or

• Crystal Logic are otherwise permitted to disclose the information under the Privacy Act.

​

We may use and disclose your personal information for any of these purposes. We may also use and disclose an individual’s personal information for secondary purposes, which are related to the primary purposes set out above, or in other circumstances authorised by the Privacy Act.

​

Sensitive information will be used and disclosed only for the purpose for which it was provided (or a directly related secondary purpose), unless an individual agree otherwise, or an exemption in the Privacy Act applies.

​

How might we use or disclose credit information?

​

In relation to credit information held by us, we will only use and disclose credit information for the following purposes:

​

• Assessing an individual’s credit worthiness and likelihood of approval for an application for credit;

• Collecting payments that are overdue in relation to any credit that may be provided by us;

• Dealing with a serious credit infringement we believe an individual has committed;

• Assisting external dispute resolution scheme of which we are a member;

• If the disclosure is required or authorised by law;

• Assisting the individual to avoid defaulting on his or her credit obligations; or

• The provision or management of credit to an individual.

 

We will only disclose credit information to the following recipients:

​

• A related body corporate;

• A person who will be processing an individual’s application for credit;

• A person who manages credit;

• A credit provider if we believe an individual has committed a serious credit infringement, or the individual has consented to the disclosure;

• To a person considering whether to act as a guarantor or offer property as security and the individual have expressly consented to the disclosure;

• A debt collector;

• A mortgage insurer;

• A credit reporting body; and

• Anyone else to whom the individual authorises us to disclose it.

​

Does Crystal Logic hold credit card or other payment details?

​

If and when Crystal Logic collect credit card or other payment details, we will not store them. The card details will be passed directly via a secure encrypted SSL connection directly to the bank’s payment getaway.

​

Furthermore, the page that transmits card details has been through thorough checks and has been deemed to be PCI DSS compliant by an Approved Scanning Vendor.

​

Does Crystal Logic disclose personal information overseas?

​

Crystal Logic may disclose an individual’s personal information to a recipient which is located outside Australia. This includes:

​

• Any financial institution which the individual holds an account with overseas where they has given Crystal Logic permission to make enquiries on their behalf.

• Other members of Crystal Logic that are located outside Australia, in some circumstances.

• Our data hosting and other IT service providers

• Other third party service providers

​

Refer to APPENDIX A for the list of countries where these recipients may be located.

​

Some encrypted data may be backed up or mirrored in overseas jurisdictions by third parties. We will not send personal information to recipients outside of Australia unless:

​

• We have taken reasonable steps to ensure that the recipient does not breach the Act, the APPs and the Credit Reporting Privacy Code;

• The recipient is subject to an information privacy scheme similar to the Privacy Act; or

• The individual has consented to the disclosure.

​

Does Crystal Logic use or disclose personal information for marketing?

​

Crystal Logic will use personal information to offer individuals products and services they believe may interest them but will not do so if the individual tells them not to. Crystal Logic may offer individuals products and services by various means, including mail, telephone, email, SMS or other electronic means, such as through social media or targeted advertising through Crystal Logic’s website.

​

Crystal Logic may also disclose an individual’s personal information to external companies who assist Crystal Logic to market their products and services to the individual, such as a mailing house.

​

If individuals do not wish to receive marketing offers from Crystal Logic, they must expressly request Crystal Logic not to do so.

​

Does Crystal Logic collect personal information electronically?

​

Crystal Logic will collect information from individuals electronically, for instance through internet browsing, mobile or tablet applications.

Each time an individual visit one of Crystal Logic’s websites, Crystal Logic collects information about the individual’s use of the website, which may include the following:

​

• The date and time of visits;

• Which pages are viewed;

• How users navigate through the site and interact with pages (including fields completed in forms and applications completed);

• Location information about users;

• Information about the device used to visit our website; and

• IP addresses.

​

Crystal Logic uses technology called cookies whenever an individual visit a Crystal Logic website. Cookies are small pieces of information stored on the individual’s hard drive or in memory. Cookies can record information about an individual’s visits to the site, allowing it to remember them the next time they visit and provide a enriched experience.

​

One of the reasons for using cookies is to offer individuals increased security. The cookies Crystal Logic send to an individual’s computer cannot read their hard drive, obtain any information from their browser or command their computer to perform any action. Cookies are designed so that they cannot be sent to another site or be retrieved by any non-Crystal Logic site.

​

Crystal Logic won't ask individuals to supply personal information publicly over Facebook, Twitter, or any other social media platform that we use. Sometimes Crystal Logic may invite individuals to send their details to them via private messaging, for example, to answer a question. individuals may also be invited to share their personal information through secure channels to participate in other activities, such as competitions.

​

Keeping information Secure

​

Crystal Logic uses security procedures and technology to protect the information we hold. To prevent misuse or unlawful disclosure of sensitive information, Crystal Logic has implemented internal policies which cover staff conduct, continuous training and monitoring of staff, and the inclusion of independence checks. If other organisations provide support services, we require these organisations to appropriately safeguard the privacy of the information provided to them.

​

Where the personal information we collect is no longer required, we may retain it in a secure manner for record keeping purposes, delete the information or permanently, de-identify it in accordance with relevant laws and our internal records management policy.

​

Access to and correction of personal information

​

Under the Privacy Act, individuals have a right to seek access to information which we hold about them; although, there are some exceptions to this. They also have the right to ask us to correct information about them which is inaccurate, incomplete or out of date. To do so, they must contact Crystal Logic.

​

We do not charge for receiving a request for access to personal information or for complying with a correction request. We do however reserve the right to charge you for all reasonable costs and outgoings specifically incurred in meeting your request for information. In processing an individual’s request for access to their personal information, a reasonable cost may be charged if they have requested access more than once within twelve months. This charge covers such things as locating the information and supplying it to them.

​

There are some circumstances in which Crystal Logic are not required to give individuals access to their personal information. If Crystal Logic refuse to give an individual access to or to correct their personal information, Crystal Logic will give them a notice explaining the reasons why, except where it would be unreasonable to do so. If we refuse an individual request to correct their personal information, the individual also has the right to request that a statement be associated with their personal information noting that they disagree with its accuracy. If Crystal Logic refuses an individual’s request to access or correct their personal information, we will also provide them with information on how they can complain about the refusal.

​

Notification

​

Due to the Privacy Amendment (Notifiable Data Breaches) Act 2017, Crystal Logic is legally required to notify affected individuals of any eligible data breaches. To comply with this legal requirement, Crystal Logic has implemented a Data Breach Response Plan in order to deal with actual or potential data breaches as well as the notification process to be followed when notifying affected individuals.

​

Resolving privacy concerns and complaints

​

If an individual is concerned about how their personal information is being handled or if they have a complaint about a breach by Crystal Logic of the Australian Privacy Principles, they must contact Crystal Logic.

​

Crystal Logic will acknowledge the complaint as soon as practical after receipt of the individual’s complaint. Crystal Logic will let the individual know if they need any further information from the individual to resolve their complaint.

​

We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five business days, but some complaints can take longer to resolve. If a complaint is taking longer, we will let the individual know what is happening and a date by which they can reasonably expect a response.

​

If the individual is unhappy with our response, there are other bodies they can go to.

​

The Australian Financial Complaints Authority (AFCA) can consider most privacy complaints involving providers of financial services.

​

AFCA can be contacted at:

​

Australian Financial Complaints Authority GPO Box 3

Melbourne VIC 3001

Phone: 1800 931 678

Website: www.afca.org.au

​

Under the Privacy Act, an individual may complain to the Office of the Australian Information Commissioner about the way Crystal Logic handled their personal information.

​

The Commissioner can be contacted at:

​

Office of the Australian Information Commissioner GPO Box 5218

Sydney NSW 2001

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Website: www.oaic.gov.au

​

Key Contact

​

The individual can contact Crystal Logic by:

​​

• Calling (08) 9892 7717

• Emailing support@crystallogic.com.au.

• Visiting www.crystallogic.com.au and submitting a contact form.

​

Changes to the Privacy Policy

​

We may change the way we handle personal information from time to time for any reason. If so, we will update this Privacy Policy which will be updated on the website accordingly.

​

Date: 22 January 2025

​​

APPENDIX A

​

Crystal Logic may disclose an individual’s personal information to a recipient which is located outside Australia.

​

These recipients may be in New Zealand, United States, Canada, United Kingdom, European Union, India, Malaysia, Philippines, Vietnam.

​

© Crystal Logic 2025.

bottom of page