Vocus Group Limited ABN 96 084 115 499 (‘Vocus’, ‘we’, ‘us’, ‘our’) is the parent company of subsidiaries which supply telecommunications products and services (including data network, internet, data centre, cloud, and voice products and services to corporate, government, and residential customers), and energy (retailer of gas and electricity) products. Our group of companies includes companies trading under the names Vocus, Dodo, iPrimus and Commander.

We recognise the importance of protecting the privacy of personal information that we collect and this privacy policy outlines how we do this.

Privacy laws that apply to our business

We are required to comply with the Privacy Act 1988 (Cth) and are bound by the Australian Privacy Principles (‘APPs’) set out in that Act. The APPs establish minimum standards for the collection, use, disclosure and handling of personal information. They apply to personal information in any form, including written, verbal, and digital form. The APPs can be accessed at the website of the office of the Australian Information Commissioner: www.oaic.gov.au

Other Australian laws protecting personal information that we need to comply with include the Telecommunications Act 1997 (Cth), Spam Act 2010 (Cth), Do Not Call Register Act 2006 (Cth), data retention laws and State legislation relating to health records. In this privacy policy, unless the context otherwise requires:

• ‘Privacy law’ refers to any legislative or other legal requirement that applies to our collection, use, disclosure or handling of personal information.
• ‘Personal information’ means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in material form or not. Personal information includes sensitive information.
• ‘Sensitive information’ means personal information about an individual’s racial or ethnic origin, political opinions or memberships, religious beliefs or affiliations, philosophical beliefs, professional or trade association/union memberships, sexual preferences and practices, or criminal record.

Whose personal information do we collect?

We collect personal information about individuals who are our:

• Prospective customers, including people we think may be interested in our products and services as well as people who have expressed interest in obtaining or learning more about those products and services, and people who visit our webpages.
• Current customers, including people who purchase our products or services or who hold an account with us.
• Past customers, being people who have purchased our products or services but do not currently have an active account with us.
• Current and prospective employees, including people that enquire or apply for a prospective position within the Vocus Group, whether it is for permanent, part-time, temporary, contract or an internship opportunity with us.
• Commercial partners, including our suppliers, service providers, contractors, subcontractors, sales channel partners, agents and affiliates, and their staff.

We will refer to prospective customers, current customers and past customers collectively as ‘customers’. We will refer to current and prospective customers, current and prospective employees and commercial partners as ‘you’ or your’ throughout this privacy policy, as applicable.

This privacy policy does not apply to any employee records of an individual (as defined in the Privacy Act 1988 (Cth)) as it relates to an individual’s current or former employment with us.

Can you deal with us without identifying yourself?

In some situations, customers and other individuals may be able to deal with us anonymously or using a pseudonym. For example, you can make a general inquiry to one of our call centres without providing any personal information. You may also make a complaint or log a service fault anonymously, unless the inquiry or complaint relates to a particular account.

However, please note that if you do not wish to be identified we may not be able to provide the information or assistance you require.

What personal information do we collect?

We only collect personal information where it is reasonably necessary for our functions or activities as required by law. This includes:

• Proof of identity information, including passport number, driver licence number, Medicare number, or other government identifiers. We need this information to ensure you are who you say you are, and to keep our customer records accurate and up-to-date. We also may be required to obtain proof of identity information by law. For example, the Telecommunications Act 1997 (Cth) requires us to obtain specified proof of identity information before providing mobile telephone services.
• Financial and credit information, including credit history, employment history, remuneration details, bank account and credit card information, information about assets and income and details of relevant court judgments and bankruptcies. We need this information to assess creditworthiness and financial suitability of current customers and prospective customers.
• Information about certain medical conditions and concession entitlement. Having a certain medical condition may entitle the person to concessional tariffs or other benefits that may be available with our products or services. For example, in the case of electricity and gas, we may need information about medical conditions to ensure secure power supply for medical devices.
• Information relating to occupancy. We may need information to establish a customers right to occupy the property to which we provide services, and for this purpose may require copies of tenancy agreements, mortgage records, utility bills or supply records.
• Information relating to change of name or status, which may include marriage certificates, death certificates and other official documentation. We may need this information where we're asked to close or transfer an account
• Employment information, including information about employment history including current and past employers. We may need this information to assess the financial position of a person who applies to become our customer.
• Integrated Public Number Database (‘IPND’). In providing telecommunications services, we are required by law to collect certain personal information about you (including your name, address, telephone service number, and other public number customer details), and to provide it to the IPND Manager for inclusion in the IPND.

We also collect information about the way our customers use our products and services. This includes information about:

• service usage (including energy consumption patterns, use of communications services, internet usages),
• responses to offers made and/or promotions run by us or our affiliates,
• payment patterns and history, and
• inquiries and complaints.

We may collect personal information about associates of its customers, such as family members, employees or agents. For example, we may collect personal information about nominated or authorised representatives, the holder of a credit card that is used to pay a customer’s account, a person who acts as a secondary account holder, a person who acts as guarantor for a credit contract, the landlord of a tenanted property or the nominated contact on a business account. If you supply us with personal information about another individual, we will require the express consent of that other individual and ask you to assist us by referring that person to this privacy policy.

We may collect personal information about prospective employees, such the names and contact details of your referees, information related to your former employers, employment history, any answers submitted in connection with a background screening provider, visa or work permit status and other related information as may be needed in connection with your job application.

We have adopted the position proposed by the Privacy Commissioner that a young person is able to give their consent when he or she has a sufficient understanding and maturity to understand what is being proposed. We will make an objective determination before collecting that information as to whether the person involved would be able to provide informed consent to the use of their personal information.

How do we collect personal information?

We collect information about you directly and via our agents, service providers, partners and affiliates. We may collect personal information:

• through our call centres,
• through our websites, or websites operated by our affiliates,
• through social media platforms such as Twitter/X, Instagram, LinkedIn and Facebook,
• through the purchase of marketing lists, databases and data aggregation service, and
• from any recruitment agency or consultant that has been engaged to assist with your job application.

We will ask you to consent to us collecting your information from any third parties. We will only collect personal information from those parties if you consent. If you do not consent, we may not be able to provide the service or product you require or process your job application (as the case may be). We are authorised to collect some personal information from third parties under privacy law.

We will handle any unsolicited personal information which it receives in accordance with its obligations under privacy law.

Why do we collect personal information?

We collect personal information in order to:

• provide products and services to customers,
• manage and administer the products and services we provide, including for billing and credit control purposes (which may involve identity verification, credit checking, assessing entitlement to concessions, supplying and servicing a product, connecting and administering a service, billing and collection in relation to the service and investigating and rectifying complaints or faults),
• administering and managing our relationships with suppliers, customers and shareholders, including for billing, credit control and investor purposes,
• inform customers about changes and improvements in our products and services,
• create aggregate data through demographic profiling and statistical analysis of the database, and to allow for more efficient operations of our business,
• market our products and services to customers,
• market products and services from our affiliated entities to customers,
• market third party products and services to customers,
• manage job applications,
• manage relationships with our staff, contractors, agents, affiliates and service providers,
• establish, exercise or defend any legal claims, and
• comply with our legal obligations.

We need to use personal information for most of our business activities, although the information we require depends on the circumstances. If we are unable to collect the personal information we need, we may be unable to meet the expectations of our customers or provide the products and services they wish to receive.

The personal information we collect may be shared with our group companies for the purposes outlined above.

Direct marketing

Personal information collected for direct marketing purposes will only be collected, used, or disclosed with the consent of the customer, unless we cannot practically obtain the consent of a customer, in which case we will:

• include an ‘unsubscribe’ facility so customers can unsubscribe from the mailing list at any time,
• provide details for customers to opt out of receiving further direct marketing communications sent from us, and
• include a prominent statement to the fact that a customer may make such a request.

Direct marketing communications may be sent via post, e-mail, telephone, social media sites, or other means.

Dealing with us online

Cookies

We store the internet protocol (‘IP’) address of your computer when you visit our site. This information is used only to create broad demographic summaries of where our users come from.

Cookies are small units of data sent to a user’s browser by a website the user visits. We use cookies to:

• facilitate the use of our website,
• improve our customers’ website browsing experience,
• monitor and analyse our customers’ use of our site and affiliated third party sites, and
• enable us to present customised messages and offerings to customers.

The cookies we use do not store any personal data or otherwise collect personal information. However, if an individual is logged into “My Account” as a customer, the information we collect via cookies may be linked with their personal information.

You can configure your internet browser to erase cookies from your computer’s hard drive, block cookies or receive a warning before a cookie is stored.

If a user disables the use of, or deletes, cookies on their web browser then they may not be able to gain access to all the content and facilities of our websites.

Google Analytics

Our website(s) may use Google Analytics, a web analytics service provided by Google. Google utilises the data collected to help us analyse how users use the websites. The information generated by the cookie about a customer’s use of the website (including its anonymised IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating customer use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage.

Google will not associate your IP address with any other data held by Google.

We may combine information collected through Google Analytics with other information we collect, to enable us to provide you with relevant marketing content.

Use of remarketing tools

We may use Google remarketing, Facebook remarketing, pixel tags, web beacons, clear GIFs or other similar technologies to collect information of a customer’s visit to any one of its websites, combine it with other information we collect, and we may tailor advertising or content based on the customer’s use of these sites. These advertisements may be delivered by third party vendors when you visit our websites or other Internet websites. You can opt-out of sharing information about your use of this site or affiliate third party sites by accessing the settings of your device or browser.

We collect information about the other websites that are visited by computers that are used to visit our site. This information may be aggregated to provide us with information about the webpages and websites visited by computers that use our site.

Note that this privacy policy does not apply to, and we are not responsible for, the use of, or the protection of information you provide to other websites linked from this website.

Do we disclose personal information to third parties?

We may disclose personal information about you to a range of third parties. For example:

• for telecommunications services, to the Telecommunications Industry Ombudsman (‘TIO’) (for complaint management purposes).
• if we provide energy products and services, we may disclose personal information collected:
  • for account management, provisioning and fault management purposes to the relevant electricity or gas distributor and to the operator of our billing and network management system, Agility CIS System.
  • to the relevant Ombudsman or government body (Energy and Water Ombudsman (Victoria), Energy and Water Ombudsman (NSW), Energy and Water Ombudsman (Queensland) and Energy and Water Ombudsman (South Australia) for complaint management purposes).
• to third-party agents and service providers who we engage to provide our products and services, these may include:
  • sales agents and representatives,
  • organisations that process banking transactions,
  • organisations that process debt collection,
  • printers, mail distributors, couriers and dispatch centres,
  • call centres operated by entities outside the Vocus Group,
  • IT service providers and data managers, and
  • legal, accounting, insurance and business advisory consultancy services.
• to third-party providers who we engage to provide us with recruitment services or employment related verification services.

We may also disclose personal information:

• to government agencies (such as Centrelink) for the purpose of establishing or verifying eligibility for concessions and similar entitlements
• for credit checking, collection, or credit reporting purposes to a credit reporting agency or credit collection agency, in accordance with the requirements of the Privacy Act 1988 (Cth).

Personal information we obtain in connection with the provision of telecommunications services may be disclosed in accordance with requirements of the Telecommunications Act 1997 (Cth) and the Telecommunications (Interception and Access) Act 1979 (Cth). This includes disclosure:

• to the TIO, for the purpose of complaint management,
• to connection with directory assistance, emergency service calls or other urgent services, and to the IPND Manager for inclusion in the IPND, including your name, address, telephone service number and other public number customer details. (Information in the IPND is used to develop directories and to assist emergency service organisations. If your phone number is unlisted, your information will be marked accordingly in the IPND and its use and disclosure will be strictly controlled), and
• to law enforcement agencies, for law enforcement or security purposes.

Personal information we obtain in connection with the provision of electricity and gas services may be disclosed in accordance with federal and state based electricity and gas legislation and codes. This includes disclosure:

• to the various state-based energy Ombudsmen identified above, for the purpose of complaint management,
• in connection with electricity and gas safety cases or other urgent services, and
• to law enforcement agencies for law enforcement or security purposes.

We may also disclose personal information if required by law.

Is personal information disclosed outside Australia?

We disclose some personal information to persons or organisations that are outside Australia.

• Our customer service and marketing call centre operations are managed by a third-party organisation, which is based in Manila, Philippines. Personal information about prospective, current, and past customers may be accessed by this organisation for the purpose of sales and marketing, managing credit information, customer service, correspondence, provisioning, fault management and technical support activities.
• Database and webhosting services provided to us involve personal information being transferred to IT service providers based in India, Philippines, Singapore, New Zealand, the United Kingdom, Canada, and the United States of America.
• We may also supply customer credit history and information that it receives from its external credit reporting organisations to third parties located outside of Australia, in order to perform credit related activities and manage customer services.

How do we protect your personal information?

We recognise the importance of protecting your personal information and of ensuring that it is complete, accurate, up-to-date and relevant.

When you call us in relation to your account or service, we complete an ID check to verify your identity and to check the details we hold about you are correct and to update them if required. For some safety critical information, like medical information required to maintain secure power supply or ensure priority assistance, we initiate checks on an annual basis.

We have documented processes for verifying personal information collected for particular transactions, such as proof of occupancy, change of occupier, and priority assistance. Our staff are trained to properly handle the different types of information they receive, particularly sensitive information. We have quality assurance measures in place to monitor calls to ensure that our processes are being followed.

While some of the personal information we collect is held in hardcopy form, most personal information is stored in electronic databases.

We have extensive processes in place to ensure that our information systems and files are kept secure from unauthorised access and interference.

We have contractual arrangements in place with our employees and commercial partners that require them to treat personal information as confidential and to comply with applicable privacy law. We require third parties who are outside Australia to handle the personal information we transfer to them with the same level of protection as would apply to the information in Australia.

Can you access or correct personal information we hold about you?

You have a right to access personal information we hold about you. You are also entitled to ask us to provide you with the details we have provided about you to the IPND. You can do this by contacting us and we will provide you with the information within a reasonable time (usually 20 business days).

If your request to access personal information is particularly complex or requires detailed searching of our records, the Privacy Act 1988 (Cth) permits us to charge you a cost to provide you with this information.

We will provide access to the information held about an individual, including for the purposes of correcting or updating that information, unless there is an exception which applies under the APPs.

You have a right to ask us to correct information we hold about you if it contains errors or is out of date, incomplete, irrelevant or misleading.

We will make the corrections provided that any changes are in line with IPND requirements. We do not charge you to access or correct your information in the IPND.

Complaints and further information

If you would like to complain about a breach of the APPs, you may contact our Privacy Officer at the details below.

The Privacy Officer will investigate your complaint and notify you of the outcome within a reasonable period of time (usually 30 days). If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner (‘OAIC’) by visiting www.oaic.gov.au.

If you would like further information on the way we manage personal information, would like to request access to or correction of your personal information, or wish to make a complaint, please contact:

Privacy officer
Attention: The Privacy Officer
Email: privacy@vocus.com.au
Address: 452 Flinders Street, Melbourne VIC 3000

If you believe that we have acted in a manner that breaches the APPs or the Privacy Act, we recommend that you contact us first. The Privacy Officer will investigate your complaint and notify you of the outcome. If you are dissatisfied with the outcome of your complaint, or you do not receive a response to your complaint within 30 days, you may make a complaint to the OAIC, which must be made in writing.

If your complaint relates to our handling of personal information in relation to your telephone or internet service, the TIO whose details can be found at www.tio.com.au.

If this privacy policy does not provide the information you require about how we deal with personal information or you have any questions or comments, please feel free to contact us.

Changes to our privacy policy

We may review and revise our privacy policy from time to time as may be needed to reflect changes to law, regulation, codes or our privacy practices. We may notify you about changes to this privacy policy by posting an updated version on our website. Please check our website from time to time to ensure you are familiar with our latest privacy policy.

Our privacy policy was last updated March 2024.