Privacy Policy

**1. Introduction**

The Currency Shop Pty Ltd (ACN 163 569 462) (referred to as ‘The Currency Shop', ‘we', ‘our', ‘us') recognises the importance of ensuring the confidentiality and security of your personal information.

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from exiap.com (the "Site").

The Currency Shop is bound by the Australian Privacy Principles (‘APPs') and the Privacy Act 1988 (‘Privacy Act'). This Policy outlines The Currency Shop's practices, procedures and systems to manage and protect your personal information in accordance with the Privacy Act and the APPs.

All third parties (including customers, suppliers, sub-contractors, or agents) that have access to or use personal information collected and held by The Currency Shop must abide by this Policy.

Copies of this Policy are available free of charge by contacting the Privacy Officer or can be downloaded from our website: www.exiap.com.

In this Policy:

‘Disclosing' information means providing information to persons outside The Currency Shop;

‘Personal information' means information or an opinion relating to an individual, which can be used to identify that individual;

‘Privacy Officer' means the contact person within The Currency Shop for questions or complaints regarding The Currency Shop's handling of personal information;and

‘Use' of information means use of information within The Currency Shop.

2. What kind of personal information do we collect and hold?

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as "Device Information."

We may collect your email address in order to provide you with our services, such as Rate Alert Notifications.

3. Children's data

We do not collect personal data from children under the age of 18.

4. How we collect personal information

We collect personal information directly from you. For example, personal information will be collected when you sign up to receive email rate alerts or visit our website.

Sometimes we may use third parties to analyse traffic at our website, which may involve the use of cookies. Information collected through such analysis is anonymous.

We collect Device Information using the following technologies:

– "Cookies" are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

– "Log files" track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

– "Web beacons," "tags," and "pixels" are electronic files used to record information about how you browse the Site.

When we talk about "Personal Information" in this Privacy Policy, we are talking both about Device Information and Personal Information you directly shared with us.

5. About whom do we collect personal information?

The personal information we may collect and hold includes (but is not limited to) personal information about the following individuals:

visitors to our website;

service providers or suppliers; and

other third parties with whom we come into contact.

6. Why does The Currency Shop collect personal information?

We may use and disclose the information we collect about you so that we may:

provide you with foreign exchange rate comparison services;

let you know about other products or services we offer, send you information about special offers or invite you to events;

protect our business and other customers from fraudulent or unlawful activity;

advertising to you including retargeting / remarketing

conduct our business and perform other management and administration tasks;

consider any concerns or complaints you may have and manage any legal actions involving The Currency Shop;

comply with relevant laws, regulations and other legal obligations; and

help us improve the services offered to our customers, and continually enhance our business.

The Currency Shop may also use and disclose personal information for reasonably expected secondary purposes which are related to the primary purposes set out above and in other circumstances authorised by the Privacy Act.

7. Sharing your personal information

We may disclose personal information to:

a related entity of The Currency Shop;

an agent, professional advisor or service provider we engage to carry out our functions and activities, such as foreign exchange contract issuers, money remitters, lawyers, accountants, IT managers, and marketing companies;

foreign exchange contract issuers or other financial service providers;

organisations involved in a transfer or sale of all or part of our assets or business;

regulatory bodies, government agencies, law enforcement bodies and courts; and

anyone else to whom you authorise us to disclose it or as required by law.

If we disclose your personal information to service providers that perform business activities for us the service provider may use your personal information only for the specific purpose for which we supply it. We will ensure that all contractual arrangements with third parties adequately address privacy issues and will make third parties aware of this Privacy Policy.

We use Google Analytics to help us understand how our customers use the Site–you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

8. Sending information overseas

We use cloud computing services which means your personal information may be stored on web servers located overseas. These servers may be located in the United States, Brazil, Europe or Asia. We do not disclose your personal information to other overseas recipients.

We will not disclose your personal information to overseas recipients without your consent unless:

we have taken reasonable steps to ensure that the recipient does not breach the Act, or the APPs; or

the recipient is subject to a similar information privacy regime.

9. Management of personal information

The Currency Shop recognises the importance of securing the personal information of our customers. We will at all times seek to ensure that the personal information we collect and hold is protected from misuse, interference, or loss, and unauthorised access, modification or disclosure.

Personal information is held in a computer database. We safeguard this information by applying the following guidelines:

passwords are required to access the system and passwords are routinely checked;

data ownership is clearly defined;

we change employees' access capabilities when they are assigned to a new position;

employees have restricted access to certain sections of the system;

the system automatically logs and reviews all unauthorised access attempts;

unauthorised employees are barred from updating and editing personal information;

all personal computers which contain personal information are secured both physically and electronically;

data is encrypted during transmission over the network; and

print reporting of data containing personal information is limited.

10. Direct marketing

The Currency Shop will only use your personal information for the purposes of direct marketing with your consent. You have the right to request us not to use your personal information for the purpose of direct marketing. Should you wish to stop receiving direct marketing emails, you may cease direct marketing by contacting us or click on the unsubscribe button within the email. We must give effect to the request within a reasonable period of time.

11. Your rights

You have the right to ask The Currency Shop to provide you with all the information it stores on you, subject to the exceptions set out in the Privacy Act. We will require identity verification and specification of what information is required. Generally access will be provided within 30 days of your request. If we refuse to provide the information, we will provide reasons for the refusal. You have the right to ask The Currency Shop to rectify, block, complete and delete your personal data, to restrict its use, and to port your data to another organisation. You have the right to request additional information about the handling of your personal data. You also have the right to object to the processing of your data by the Currency Shop in some circumstances and, where we have asked for consent to process your data, to withdraw this consent. Additionally, you may contact The Currency Shop Privacy officer if you would like assistance with any of the aforementioned rights.

There are exceptions to these rights e.g. access to personal data may be denied in some circumstances if making the information available would reveal personal information about another person or if The Currency Shop is legally prevented from disclosing such information. In addition, The Currency Shop may be able to retain data even if you withdraw your consent, where The Currency Shop can demonstrate that it has a legal requirement to process your data.

12. Updates to this policy

This Policy will be reviewed from time to time to take into account any applicable new laws, technology, changes to our operations and the business environment.

13. Retention of your personal data

The Currency Shop will retain your information only for as long as is necessary for the purposes set out in this policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may also retain log files for internal analysis purposes used for website security and to improve website functionality.

14. Our responsibilities

It is the responsibility of management to inform employees and other relevant third parties about this Policy. Management must ensure that they advise employees and other relevant third parties of any changes to this Policy. All new employees are to be provided with timely and appropriate access to this Policy. All employees are provided with opportunities to attend privacy training. Employees or other relevant third parties that do not comply with this Policy may be subject to disciplinary action.

15. Making a complaint

If you have any questions about our privacy procedures, or if you wish to make a complaint about how we have dealt with your personal information, you may lodge a complaint with us in any of the following ways:

by emailing – [email protected]

If you are not satisfied with the result of your complaint to The Currency Shop you can also refer your complaint to the Office of the Australian Information Commissioner:

by telephoning – 1300 363 992

by writing to – Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001

by emailing – [email protected]