ActewAGL home page :: Help :: Legal :: Privacy :: Privacy FAQs

ActewAGL's commitment to privacy

Privacy statement

What is a Privacy Policy, and why does ActewAGL have one?

Privacy obligations under the Privacy Act

Does ActewAGL collect general information?

How does ActewAGL use website visitors general information?

Does ActewAGL collect other personal information from online forms filled out on the website?

How does ActewAGL use this personal information collected from the website?

Will my personal information be shared with any other companies?

What about service providers and others involved with the epayplus service?

Do my billers and financial institution have their own privacy policies?

Does ActewAGL have access to information regarding TransACT customers?

How secure is the personal information stored in ActewAGL epayplus?

How secure is the personal information entered during the ad hoc online payment system?

How secure is the ActewAGL website?

How can I access my personal information to correct or update it?

Does ActewAGL use cookies?

What happens if I forget to log off?

What is a Privacy Policy, and why does ActewAGL have one?

ActewAGL attaches a high importance to protecting the privacy of its customers who use the ActewAGL and TransACT websites and of securing their personal information.

This Privacy Policy summarises what general and personal information ActewAGL collects and what it is used for.

ActewAGL adheres to the 10 National Privacy Principles (NPPs) contained in the Privacy Act 1988 (Commonwealth), which govern the way personal information is collected, recorded, stored, used and disclosed.

ActewAGL takes all reasonable steps to secure the personal information of a customer. Such information is protected by online registration and passwords, and secure servers. Credit card numbers are encrypted for additional security during transmission to a customer's financial institution.

For more information about ActewAGL’s privacy policy, please call the Privacy Contact Officer on 6248 3328 or via the online enquiry form.

Return to top

Privacy obligations under the Privacy Act

ActewAGL is subject to the NPPs and other provisions of the Privacy Act. One NPP is of particular relevance to ActewAGL:

NPP 2 prohibits the use or disclosure of personal information, for any purpose ("secondary purpose") other than the purpose for which the information was obtained ("primary purpose"), unless an exception is applicable.

The exceptions in the Privacy Act (1988) are as follows:

  • where the secondary purpose is related to the primary purpose and the individual would reasonably expect the organisation to use or disclose the information for the secondary purpose (exception NPP 2.1(a))
  • where the individual concerned has consented to the use or disclosure of the information (exception NPP 2.1(b)).
  • where the secondary purpose is direct marketing to the customer if the customer is able to "opt out" of receiving further material and consent is impracticable (exception NPP 2.1(c))
  • where the organisation reasonably believes that the use or disclosure of the information is necessary to protect against a serious and imminent threat to a person's life or health, or a serious threat to public health and safety (exception NPP 2.1(e)).
  • where the use or disclosure of the information is required or authorised by law (exception NPP 2.1(g)).
  • where the use or disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue (exception NPP 2.1(h)).

Return to top

Does ActewAGL collect general information?

Yes. When someone visits the ActewAGL website, ActewAGL makes a record of and logs the following information:

  • the IP address as given by the user's ISP (for example, yahoo, bigpond), proxy server, or firewall)
  • the user's top level domain name (for example, .com, .gov, .au, .uk)
  • the date and time of the visit to the site (arrival and/or departure)
  • the pages accessed ("clickstream" data) and documents downloaded
  • the type of browser used.

Return to top

How does ActewAGL use website visitors general information?

Such information is usually aggregated, so that it can not be used to personally identify, or contact the user. Aggregate information allows ActewAGL to monitor general trends in website usage. An example of such non-identifying aggregate information is "50 per cent of epayplus customers use this service during evening hours".

No attempt will be made to identify users or their browsing activities from the general information except where this is permitted by the Privacy Act. For example, where the police exercise a warrant to inspect our logs for the enforcement of a criminal law.

ActewAGL may use this general information to inform users of any improvement in the useability and accessibility of the ActewAGL website.

Return to top

Does ActewAGL collect other personal information from online forms filled out on the website?

Yes, but not without your consent. Apart from the general information described above, ActewAGL only collects personal information that is voluntarily provided by the website user, to access a service on the website.

You are entitled to have access to personal information that is kept about you, and to make changes to this information.

Return to top

How does ActewAGL use this personal information collected from the website?

ActewAGL asks you to supply certain information about yourself when you choose to register as an epayplus customer. The personal information will only be used for the purpose you provided it for, in line with the privacy principles of the Privacy Act, and as required by law.

ActewAGL may use email addresses collected via this registration process to periodically notify its online customers of new developments.

Visit ActewAGL’s Privacy Policy for more information.

Return to top

Will my personal information be shared with any other companies?

Only as agreed by you or as necessary to operate the service (for example, with billers, financial institutions and service support providers). Otherwise ActewAGL will not share your name or other personal information with third parties at any time except to fulfil legal and regulatory obligations.

Return to top

What about service providers and others involved with the epayplus service?

A number of companies participate in providing the epayplus service. Your financial institutions and billers do not gain access to any of your personal information that they do not already have as a result of their separate relationship with you as a customer. Our bank sends a request to your nominated financial institution to debit your nominated account as instructed by you. If epayplus customer support is provided by a third party under contract, this service provider would have limited access to your personal information to provide customer service support as initiated by you.

Return to top

Do my billers and financial institution have their own privacy policies?

Billers and financial institutions may have their own separate privacy policies and practices. The ActewAGL privacy policy does not cover these organisations. You should ask your billers and financial institution(s) directly for information about their privacy policies and practices.

Return to top

Does ActewAGL have access to information regarding TransACT customers?

The epayplus website is hosted by ActewAGL. ActewAGL manages the encryption of personal information supplied by TransACT customers using the epayplus service to ActewAGL (such as credit card details for account payments). ActewAGL processes the epayplus payments of TransACT customers as agent for TransACT.

Existing TransACT customer information such as account payments and previous payment history is retained by TransACT and not disclosed by TransACT to ActewAGL for the purposes of ActewAGL providing the epayplus service to TransACT customers.

Return to top

How secure is the personal information stored in ActewAGL epayplus?

All reasonable steps are taken by ActewAGL to protect a customer's personal information, in particular the credit card details supplied by registered epayplus users. ActewAGL has used state-of-the-art encryption technology to secure the personal information of a website user.

All credit card transactions receive an identification number that is proof of the transaction's acceptance into the banking system. This identification number can be used to trace any transaction back to the credit card issuer (for example, the bank that issued the MasterCard, or VISA credit card).

The result of the credit card payment process is normally displayed on the screen within a few seconds.

Although ActewAGL takes all reasonable steps to secure your personal information, ActewAGL is not responsible for any loss or damage whatsoever incurred by you through this site.

Please see our Legal Disclaimer for more information.

Return to top

How secure is the personal information entered during the ad hoc online payment system?

Credit card information collected from customers who are not registered epayplus users via the ad hoc online payment system is transmitted immediately into the banking system and is deleted immediately after the transaction has been completed. See also "Encryption".

As with epayplus, all credit card transactions receive an identification number that is proof of the transaction's acceptance into the banking system. This identification number can be used to trace any transaction back to the credit card issuer (for example, the bank that issued the MasterCard, or VISA credit card). The result of the credit card payment is normally displayed on the screen within a few seconds.

Return to top

How secure is the ActewAGL website?

The ActewAGL secure site uses a 128-bit Verisign digital certificate. This ensures the confidentiality of your information. If any other internet user intercepts the communication they will only be able to see it in an encrypted form. Further information about this feature can be found at the Verisign website.

When you connect to a secure web server, such as the epayplus area of this website, you ask that server to authenticate itself. This authentication is quite a complex process involving public keys, private keys and a digital certificate. The certificate tells you that an independent third party has agreed that the server belongs to the company it claims to belong to.

ActewAGL uses secure socket layer (SSL) encryption for its forms and payment details that are transmitted using the internet. SSL encrypts web communication, allowing us to take credit card orders and protect sensitive personal information. SSL security makes eavesdropping on secure web traffic almost impossible.

Verisign SSL certificates are compatible with all recent browsers, including Microsoft Internet Explorer 5.01 (build 5.00.2920) and above and Netscape Netscape Navigator and Communicator 4.6 and above. If you are using a Macintosh operating system, the certificate is compatible with Internet Explorer 5.2.2 and above. The ActewAGL website is compliant with Internet Explorer 4.0 and above and Netscape 4.07 and above.

ActewAGL does not recommend the use of older browsers for secure transactions. If you are using a browser version older than those listed you may experience error messages when using our secure website. The browser you are using may be incompatible with the Verisign SSL certificate that we use to ensure the security of your information. If this occurs Verisign can supply you with instructions to assist.

Return to top

How can I access my personal information to correct or update it?

There is a link called "Personal details" in the index of the epayplus website. Click on it to open the "Edit details" page, where you can make changes to your personal profile.

Only changes to your personal file can be made.

Return to top

Does ActewAGL use cookies?

Cookies are simple text files stored on your computer by your web browser. They identify and recognise your computer, but not the person using it. ActewAGL only uses "session" cookies. The text file that is sent to your computer is only there for the time you are on the ActewAGL website. It is important to log off when you are finished with your session on the site. If you stay logged on, and leave your computer, someone else can use the open session to access your account.

Return to top

What happens if I forget to log off?

A session is only valid for a certain period of time after your last activity with the server. If no activity is detected in the set time frame (for example 20 minutes), then your session is logged off and the cookie (login token) is no longer valid. Once your session expires, you will have to log in again to authenticate yourself for another session.

Although ActewAGL takes all reasonable steps to secure your personal information, ActewAGL is not responsible for any loss or damage whatsoever incurred by you through this site.

Please see our Legal Disclaimer for more information.

Return to top

Contacting ActewAGL

ActewAGL provides online services as part of its commitment to customer satisfaction. If you would like any further information about our privacy statement, please contact the Privacy Contact Officer on 6248 3328 or via the online enquiry form.

Return to top

November 2003

ActewAGL Retail ABN 46 221 314 841 a partnership of ACTEW Retail Ltd ABN 23 074 371 207 and AGL ACT Retail Investments Pty Ltd ABN 53 093 631 586

TransACT Capital Communications ABN 23 093 966 888
ActewAGL Retail processes the epayplus payments of TransACT customers as agents for TransACT
Contact us: 13 14 93 | Online enquiry