Privacy Policy


This Privacy Policy describes the personal information that may be collected by AlphaCommerceHub Pty Ltd (‘ACH’, ‘we’ or ‘us’), the choices you can make about your personal information and how we protect your personal information.

If you would like a printed version of this policy, you can print this page using your browser, or contact our privacy officer for a copy. Our contact details are listed at the end of this Policy.

To meet your expectations about privacy and confidentiality We have operational processes and procedures in place so that We comply with Australian Privacy Principles (APPs) contained in the Privacy Act 1988.

If you have any questions that you feel are not addressed by this Policy, please contact us by following the instructions under “How to contact Us” section in this Policy.

Your understanding of our Privacy Policy

By accessing and using Our website, You agree that You have read and understood our privacy policy. This policy does not give You any greater rights or extend any obligation that We have to You beyond what is set out in the laws legislation listed under section 1 in this policy.

If there is any inconsistency between any part of this policy, the Privacy Act or any other law mentioned in this policy, the inconsistent part of this policy will be read in a way that gives effect to and complies with that law.

This policy includes a number of examples for illustrative purpose to help understand the requirements set out in this policy. The examples are not restrictive in any way and are used to help You understand Our policy.

Our websites may contain links to other non-ACH websites. We are not responsible for the privacy policies of those other websites. We recommend you review the privacy policies of each website that you visit.

Collection of personal information

‘Personal information’ means information which we hold about you where your identity is either clear or can be reasonably determined. When you give us your personal information, it imposes a serious responsibility on us. Protecting your privacy when handling your personal information is very important to us.

We will collect personal information directly from you and to the extent that we need that personal information to provide you with a product or service which you have requested us to perform, or where we are required to do so by law. This includes:

a) Checking if you are eligible to receive a product or service from us;

b) help You where you have an online enquiry or create an online account with us;

c) deal with us by phone or over web chat;

d) register for, or to access our online products or services;

e) helping you to manage any product or online services that You purchase from us; and

f) provide us with feedback about our products and services where we may engage with you through online surveys.

We may also use your information to comply with legislative and regulatory requirements in any jurisdiction to prevent fraud, crime or other activity that may cause harm in relation to our products or services and help us to run our business.

We may also use your information to tell you about products or services that we think might be of interest to you.

An ‘agency function’ means a service that we provide to you on behalf of another organisation. We may collect personal information from another organisation for the purpose of enhancing our ability to improve service and product delivery to you and other customers in the future. This may happen without your direct involvement. For example, we may collect information from:

a) other related entities to ACH;

b) publicly available sources of information such as public registers;

c) your nominated representative (where you have elected to allow another person to act on your behalf);

d) your employer or busines;

e) other organisations who jointly with us provide products and services to you;

f) commercial information service providers such as companies that offer fraud protection reports.

We will collect personal information from you by lawful and fair means.

If you choose to not provide your personal information when requested, we may not be able to offer or deliver the product or service that you have requested. We will tell you when this occurs and make it as clear as possible each time.

In some cases, where it makes sense and it is lawful to do so, you can interact with us anonymously or by using a pseudonym (an alias). We will endeavour to make this option clear when it is available to you.

Unsolicited information

“Unsolicited” personal information is personal information about an individual that an organisation has unintentionally received. This is an uncommon occurrence for ACH, but if it does happen, we will protect your personal information in the same way as we treat personal information that we intended to collect.

Use and Sharing

We use the personal information you provide only for purposes consistent with the reason you provided it, or for a directly related purpose. We may also use your personal information where required or permitted by law.

We may also use your personal information, or aggregate your personal information with the personal information of other customers (so that the aggregated information is no longer personal) for the purposes of:

a) analysis to help us better understand the needs of our customers so that we and third parties can better develop products and services for you;

b)providing information that is tailored to what we believe are your areas of interest; and;

c)analysing your product and services to improve your experience and to enable us to develop new or enhanced functionality for you.

We do not share your personal information with other organisations unless:

a) you give us consent;

b) where sharing is otherwise required or permitted by law; or

c) where this is necessary on a temporary basis to enable our contractors or other suppliers to perform specific functions.

We may contact you periodically to advise you of new or enhanced functionality which is available in connection with our products and services. You will not be obliged to adopt any such functionality.

When we temporarily provide personal information to companies who perform services for Us, We require those companies to protect your personal information as diligently as we do. Strict contractual and other quality assurance measures are used to ensure your personal information is and remains protected.

While we are required to protect your personal information under law and we will take all reasonably required steps to do so, there are certain exceptions where disclosure of your personal information is:

a) authorised or required by law (e.g. disclosure to various government departments and agencies, to courts under subpoena or law enforcement agencies);

b) in the public interest (e.g. where a crime, fraud or misdemeanour is committed or suspected and disclosure against the customer's rights to privacy or confidentiality is justified); or

c) with your consent - your consent may be implied or express and it may also be verbal or written.

Treatment of personal information with related bodies corporate

ACH can disclose personal information (excluding sensitive information) with subsidiaries and controlled or controlling entities as long as the purpose for sharing is related to the reason the personal information was originally collected. This excludes subsidiaries that are outside of Australia.

Overseas use and disclosure

ACH may transfer personal information to countries outside of Australia and we will only do so in compliance with all applicable Australian data protection and privacy laws. ACH will take reasonable steps to protect personal information no matter what country it is stored in or transferred to. We have procedures and data transfer contracts as appropriate to help ensure this.

ACH uses service providers in the following countries:

  • Singapore
  • United Kingdom
  • United States of America
  • Europe

Direct Marketing

From time to time we may use the personal information we collect from you to identify particular ACH products and services which we believe may be of interest to you. We may contact you to let you know about these products and services and how they may help or benefit you or your business. We will generally only do this with your prior consent (where practical) and we will always give you a choice to opt out of receiving future communications and information.

Direct Marketing from ACH generally takes the form of Direct Mail or Electronic Marketing (email). In rare cases, we may use Telemarketing. Each of these channels is handled as follows:

a) Direct mail – Where we use your personal information to send you marketing information via the post we may do so with your implied consent or, if this is impracticable, we will ensure that you are provided with an opportunity to opt out of receiving future such communications. By not ticking a clearly displayed "opt out" box, we will assume we have your implied consent to receive similar marketing communications in the future. We will always ensure that our opt out notices are clear, conspicuous and easy to take up.

b) Electronic marketing – Where we use your personal information to send you marketing information by e-mail, SMS, MMS or other electronic means we may do so with your express or implied consent. You may give us your express consent by, for example, ticking a box on an electronic or paper form where we seek your permission to send you electronic or other marketing information. Consent may be implied from our existing business relationship or where you have a reasonable expectation of receiving an electronic marketing communication.

c) Telemarketing – ACH does not usually engage in telemarketing activities to our consumer customers. Generally, such marketing is only used in relation to our business customers. Should any consumer telemarketing be undertaken or authorised by ACH, we will, to the extent that it applies, comply with the relevant legislation (see above).

Every directly addressed marketing contact sent or made by ACH will include a means by which customers may unsubscribe (or opt out) of receiving further marketing information.

Additionally, you may instruct us at any time to remove any previous consent you provided to receive marketing communications from us. Requests should be directed to the ACH Privacy Contact Officer via the channels provided under ‘How to contact us’.

Accessing your Personal Information

You have the right to request access to the personal information we hold about you. This right is subject to certain exceptions allowed by law.

ACH will, upon your request, and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, we ask that you identify, as clearly as possible, the type (or types) of information requested. ACH will deal with your request in a reasonable time - usually within 30 days.


Your right to access your personal information is not absolute. In some circumstances, the law permits us to refuse your request to provide you with access to your personal information.

Updating your personal information with Us

It is inevitable that some personal information which we hold will become out of date. We will take reasonable steps to ensure that the personal information which we hold remains accurate and, if you advise us of a change of details, we will amend our records accordingly.

Where your information has been disclosed to a third party, ACH will take reasonable steps to notify the third party of the correction.

Where we are unable to update your information, we will provide an explanation in writing as to why the information cannot be corrected.

Information Security

ACH is committed to protecting and securing your personal information.

We employ appropriate technical, administrative and physical procedures to protect personal information from unauthorised disclosure, loss, misuse or alteration.

We limit access to personal information to individuals with a business need consistent with the reason the information was collected by us. We keep personal information only for as long as it is required for business purposes or by the law.

ACH protects your personal information by employing best industry standards to protect its systems and personal information which is consistent with Industry Schemes requirements and our statutory obligations. We also perform internal and external audits on our security systems to validate our security practices.

Information collected on our websites

We may collect non-personal information from you such as browser type, operating system, and web pages visited to help us manage our web site.

Our internet server logs the following information which is provided by your browser for statistical and content optimisation and personalisation purposes:

a) the type of browser and operating system you are using;

b) your Internet Service Provider and top level domain name (for example - .com, .gov, .au,;

c) the address of any referring website (for example - the previous web site you visited), and

d) your computer's IP (Internet Protocol) address (a number which is unique to the machine through which you are connected to the internet).

All of this information is used by ACH for aggregated statistical analyses or systems administration purposes only. No attempt will be made to identify users or their browsing activities, except where required by law.


A "cookie" is a packet of information stored on your computer that allows the ACH server to identify and interact more effectively with your computer.

Our websites use two different kinds of cookies:

a) Session cookies – temporary cookies that only last until you close your browser

b) Persistent cookies – cookies that are stored for a longer term on your computer.

Session cookies

When you access our web site, we send you a temporary cookie that gives you a unique identification number. A different identification number is sent each time you use our website. Cookies do not identify individual users, although they do identify a user's internet browser type. When you close your browser, the cookie is deleted and no longer exists on your computer.

You are free to disable cookies in your browser (see details below). If you have disabled cookies you may not be able to take full advantage of all of our website features.

We use session cookies in the following manner:

a) Log-on and log-off administration – session cookies help with the log-on and log-off processes for those users who have decided to register to use one of our online services. The cookies enable us to recognize your user ID when you log on so that we do not establish a duplicate registration record for you.

b) Transactions and site usability - we use session cookies to improve how you navigate through our website and conduct transactions. As examples, session cookies are used to maintain your online session as you browse over several pages; to store and pre-populate information so that you do not have to re-enter the same information twice. Session cookies may also be used to collect referral statistics when you click on a link or ad banner to or from our website.

Persistent cookies

ACH may also use "persistent cookies". A persistent cookie is a small piece of text stored on your computer's hard drive for a defined period of time, after which the cookie is erased. We will not collect or link to personal information through persistent cookies without your express consent.

We use persistent cookies as follows:

a) Site usage measurement - Our site measurement tool uses a persistent cookie to assist us in measuring how and when our web site and its various components are used. It functions as a "visit cookie," so we can determine if you are a repeat visitor to our site. This allows us to know if we are attracting new visitors and what aspects of the site seem most useful. The cookie will expire 30 days after your last visit.

b) Log-off safety function - ACH uses a persistent cookie to automatically log you off certain the ACH website if there has been no activity for 15 minutes. This is done for your safety to ensure that, if you have finished using our site but have forgotten to log off, no one else can use your computer via your log on and password. The cookie is permanently removed from your computer when you log off, or, if you have closed the browser without logging off, it is removed within 15 minutes from your last activity.

c) Longer-term cookies - Persistent cookies allow us, at your request, to recognise you when you return to our website or to remember certain information that you have provided us. The recognition feature may allow you to log on to certain parts of our website automatically, without having to enter your name and password each time your visit. The cookie assigns a random number to you, and allows us to track your site activity, but this is not linked to personal information. This allows us to personalise the site for you and tailor the content to your needs, for instance to show you banner ads about products you may be interested in.

d) Click stream data - "Click stream data" is information which is derived from an analysis of your website activity based on the sequence of links which you click on while browsing our Website. When you visit our website or use our products and services, we will collect this information for analysis, maintenance or reporting purposes and to improve the performance of our website. This can include information such as your IP address, the duration of your visit and the date and time of your visit.

Cookie Management

You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent. Most browsers accept cookies by default. To learn more about cookies, including how to refuse cookies on your computer refer to these browser information points:

a) Microsoft Internet Explorer;

b) Mozilla Firefox;

c) Google Chrome; or

d) Apple Safari.

Links to other sites

The ACH Website may contain links to other sites. We are not responsible for the privacy practices or the content of these other linked websites. We encourage you to read and understand the privacy policies on those websites prior to providing any information to them.


Search terms that you enter when using our search engine are collected, but are not associated with any other information that we collect. We use these search terms for the purpose of aggregated statistical analysis, so we can ascertain what people are looking for on our website, and to improve the services that we provide.

We may use external companies to provide us with detailed aggregate statistical analyses of our website traffic. At no time is any personal information made available to these companies, nor is the aggregate information ever merged with personal information such as your name, address, email address or other information you would consider sensitive or would compromise your privacy.

a) seek to rapidly identify and secure the breach to prevent any further breaches;

b) engage the appropriate authorities where criminal activity is suspected;

c) assess the nature and severity of the breach including the type of personal information involved and the risk of harm to affected individuals;

d) notify the affected individuals directly if appropriate and where possible;

e) If appropriate, put a notice on our website advising our customers of the breach; and

f) Notify the Privacy Commissioner (at the OAIC) if the breach is significant.

Loss of Personal Information

Despite our every effort to protect your personal information, there remains the possibility that a breach of our security could occur. If this occurs, we will:

How to contact us

ACH is committed to working with its customers to obtain a fair resolution of any complaint or concern about privacy.

To contact us with a compliment or complaint or a privacy question, you can:

send us an email at:  

write to us at:

AlphaCommerceHub Pty Ltd
Privacy Contact Officer
Level 50, 120 Collins Street
Melbourne Vic 3000

You can also call us between 9.00am and 5.00pm EST Monday to Friday on 1800 931 773.

Changes to this Privacy Policy

We will publish changes to this Privacy Policy on our website from time to time. This policy was last updated in May 2018.

If You want to know more about privacy

You can obtain further general information about your privacy rights and Commonwealth privacy law from the Office of the Australian Information Commissioner by:

a) calling their Privacy Hotline on 1300 363 992

b)visiting their web site at (External link)

c)writing to:

The Australian Privacy Commissioner

GPO Box 5218

Sydney NSW 1042

Defined Terms

ACH – Means AlphaCommerceHub Pty Ltd, a related body corporate of the Australian Postal Corporation and AlphaPaymentsCloud Pte Ltd (a Singapore based company).

ACMA – Australian Communications and Media Authority

APPs – Australian Privacy Principles

Australian Standard on Compliance Programs AS 3806: 2006 – An Australian standard providing principles and guidance for designing, developing, implementing, maintaining and improving flexible, responsive, effective and measurable compliance programs within an organisation.

Agency function – A service ACH provides on behalf of another organisation from time to time.

Consent – Consent means ‘express consent or implied consent’. The four key elements of consent are:

  • it must be provided voluntarily
  • the individual must be adequately informed of what they are consenting to
  • it must be current and specific, and
  • the individual must have the capacity to understand and communicate their consent.

Credit Reporting – The handling of credit reports and other credit worthiness information about individuals by credit reporting agencies and providers. Credit is an individual’s ability to repay a debt.

Express consent – Express consent is given explicitly, either orally or in writing. This could include a handwritten signature or an oral statement to signify agreement. Most commonly, it is the selection of a marketing check-box by an individual as they are taking up a product or service.

Government-related identifiers – An identifier assigned by an agency, a State or Territory authority, or a contracted service provider for a Commonwealth or State contract. Some examples include Medicare number, Centrelink reference numbers, drivers licence numbers, passport numbers.

OAIC – The Office of the Australian Information Commissioner

Payment Card Industry Data Security Standard (PCI-DSS) An information security standard. It is designed to reduce credit card fraud by requiring all entities involved in a payment processing transaction to meet a basic level of technical and operational security requirements.

Personal Information – Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion

Privacy – In this policy relates to the protection of “Personal Information.” It does not refer to confidentiality, secrecy, or freedom of information.

Related bodies corporate– has the meaning given to this term under the Corporations Act 2001 (Cth).

Sensitive Information – Sensitive information as it is defined under the Privacy Act includes:

  • Information or opinion about an individual’s:
    • race/ethnicity
    • political opinions
    • membership of a political association
    • religious beliefs or associations
    • philosophical beliefs
    • membership of a professional or trade association
    • membership of a trade union
    • sexual preferences or practices
    • criminal record
  • Health information
  • Genetic information
  • Biometric information

It must not be collected without the express and informed consent of the individual.

Solicit – To ask for or try to obtain (something) from someone.

Spam – Refers to unsolicited commercial messages sent electronically (e.g. promotional emails or mobile phone messages). The Spam Act 2003 prohibits sending “unsolicited commercial electronic messages”.

Telemarketing call – A telephone call to offer goods or services, or to advertise or promote APG as a supplier of goods or services. The Do Not Call Register Act 2006 prohibits an organisation from making unsolicited telemarketing calls to a number which has been registered on the Do Not Call Register.