Privacy Policy

General

This Privacy Policy has been prepared on behalf of SR Global Solutions Pty Ltd trading as Merchant Warrior (Merchant Warrior, we, our, us).
Merchant Warrior is committed to protecting the privacy of personal information that we hold. This Privacy Policy specifies how we collect, use, disclose and hold personal information and how to contact us if you have any queries about personal information that we hold about you.

What is personal information?

'Personal information' is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not. Examples include an individual’s name, address, contact number and email address.

The kinds of personal information we collect and hold

Merchant Warrior operates as a payment gateway and provides electronic commerce transaction services to their clients (merchants) utilising Bulk Electronic Clearance System (BECS) and the New Payment Platform (NPP). We also operate as a payment facilitator for schemes such as American Express (Amex sponsored), Diners Club International, Visa, & Mastercard and offer payment solutions such as credit card processing, tokenisation, batch and BPay payments.
We collect and hold a range of personal information in carrying out our business and functions. The kinds of personal information we collect and hold about you will depend upon the nature of our relationship with you and the circumstances of a collection.
For example, we may collect and hold the following kinds of personal information about our customers and applicants:
  • your identification information, including name, date of birth, address, telephone number, email address or other contact details, driver’s licence particulars, occupation and other information requested and/or provided by you and people nominated by you when you prepared your application for our products or services;
  • information we may require to identify you, including as required under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), which may include details or copies of your driver's licence or passport;
  • personal information about you necessary to record a security interest on the Personal Property Securities Register pursuant to the Personal Property Securities Act 2009;
  • details of products or services that we have provided, or have been requested to provide, to you, including information about the ongoing management and activity of the products or services we have provided;
  • information relevant to the provision of products or services to you, including information about your financial position, such as details of assets and liabilities, details of income and proof of financial position;
  • customer transactional/order information for billing purposes and transaction processing.
  • records of our interactions with you, including by telephone, email and online;
  • IP address, Browser User Agent and time zone of customers and applicants when they complete our registration form.
  • publicly available information; and
  • your enquiries or complaints.
We may also:
  • collect and hold the following kinds of personal information about our contractors, service providers and suppliers including their name, job title, and business contact details of company representatives with whom we deal, financial information and banking details; and
  • in the context of our recruitment process for employees and contractors, we collect and hold personal information, including the following kinds: name, email address, telephone number, address, financial details (including banking details), date of birth, history with us (including communications between us), citizenship, employment references, civil, credit and criminal records, driver licence information, education and employment history.
If you are or become an employee of Merchant Warrior, the handling of your personal information may be exempt from the Australian Privacy Principles under the Privacy Act 1988 (Cth) if it is directly related to your current or former employment relationship with us.
From time to time, you may provide us, and we may collect from you, personal information of or about a third party. For example:
  • where a company is an applicant and details of the company’s officeholders or account signatories are provided to us by the individual(s) applying on behalf of the company); or
  • through data merchants provide us in API transactions for their customers.
If you provide us with personal information about another person, please make sure that you tell them about this Privacy Policy.
If we are unable to collect personal information from or about you, we may not be able to respond to your requests or enquiries and facilitate any requests you make to use our services.

How we collect personal information

We collect personal information directly from you in a variety of ways, including:
  • when you complete our registration and application forms
  • when you interact with us in writing, electronically or by telephone; and
  • when you communicate with us through our website
We may also supplement the information that you provide to us with other personal information that we obtain from our dealings with you or which we receive from other entities, such as:
  • the merchants you are transacting with;
  • publicly available sources, including public registers and social media, and personal insolvency information about you entered or recorded in the National Personal Insolvency Index;
  • government authorities;
  • our service providers and other organisations we partner with to provide you with services.

How we use and disclose your personal information

We collect, hold, use and disclose your personal information for a variety of business purposes in order to provide our services to you, including:
  • assessing and processing any application you make for our services, including assessing the credit risks relating to your business or the ability for you to meet your payment obligations;
  • providing our services to you through our platform in accordance with our terms and conditions;
  • administering and managing all services we provide to you;
  • performing other administrative tasks, including staff training, undertaking planning, research and statistical analysis, systems development and testing;
  • answering an enquiry you make, or responding to a complaint made by you in respect of a service;
  • conducting data analytics to help us improve our services;
  • verifying your identity and complying with our legal and regulatory obligations;
  • facilitating our internal business operations, including audits, record-keeping, file reviews and portfolio analysis;
  • managing our relationships with our customers, suppliers, and our contracted service providers;
  • informing you of products and services provided by us, our related bodies corporate or our preferred providers which we consider may be of value or interest to you, unless you tell, or have previously told, us not to;
  • managing overdue payments and recovering overdue amounts you owe us where you have failed to meet your payment obligations to us;
  • detecting and preventing fraud, security threats or other illegal or malicious behaviour or managing disputes;
  • assessing and considering applications from prospective job applicants, contractors and service providers.
  • conducting marketing and promotional activities;
  • managing our insurance and risks; and
  • complying with our legal and regulatory obligations.

Disclosure of personal information to third parties

In order to provide our services to you, we may appoint other organisations to carry out data processing activities on our behalf. All third parties are given access to the information they need to perform their function but are not permitted to use your information for other purposes. Third parties who we may disclose personal information to include:
  • specific third parties that you have authorised to receive information held by us;
  • other third parties where it is necessary or desirable in order to provide you with our services, including but not limited to:
    • financial institutions for payment processing;
    • Card Scheme providers, such as Visa, eftpos, MasterCard, American Express and Discover Global Network;
    • 3D Secure (3DS) providers;
    • Third Party Fraud Solution Providers and
    • Payment Switch providers.
  • external service providers in relation to the operation of our website or business services, including but not limited to:
    • IT and software service providers;
    • marketing, promotional and market research agencies;
    • external business advisers (such as auditors and lawyers);
  • relevant authorities or enforcement bodies where we reasonably believe that such disclosure is necessary to bring legal action against anyone who has breached our terms and conditions or engaged in any unlawful activity;
  • in the case of a sale of our business (in whole or in part) to the purchaser (as an asset of the business);
  • for job applicants, referees whose details you provide to us;
  • other organisations, for the purpose of the detection and prevention of fraud, security threats or other illegal or malicious behaviour, including to Forter Pte Ltd (in accordance with Forter’s Services Privacy Policy)
  • any other person where we are otherwise required or permitted to by any law, including under the Privacy Act.

Disclosure of your personal information overseas

Some of our service providers are located outside Australia. As a result, personal information collected and held by us may be accessed by recipients in other countries. In particular, we may disclose personal information to our Card Scheme providers and fraud detection service providers located in Singapore and the United States.

Direct marketing

We may use and disclose your personal information for our direct marketing purposes so we can contact you via email with information about our products and services, special offers, promotions and events that may be of interest to you.
You can let us know at any time if you no longer wish to receive these communications by contacting us (using the contact details at the end of this policy) or for emails, by following the ‘unsubscribe’ link included in the email.

How we hold personal information

We generally hold personal information in computer systems that utilise a Security Socket Layer (SSL) protocol, which provides a secure environment for individuals to transmit information to a Merchant Warrior’s servers. This information is encrypted during transmission and stored on a secure server owned by Merchant Warrior.
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. This includes taking appropriate security measures to protect electronic materials including ensuring information is encrypted during transmission and stored on a secure server owned by Merchant Warrior.
Our third party data storage providers are required to protect personal information in accordance with applicable laws and take appropriate technical and organisation measures against unauthorised or unlawful use of personal information or its accidental loss, destruction or damage. We use Macquarie Telecom as our hosting provider and all our data is stored on a dedicated private cloud.

Access to and correction of your personal information

You have a right to request access to personal information that we hold about you and request its correction if it is inaccurate, out of date, incomplete, irrelevant or misleading. You may do so by contacting our Privacy Officer at the details below.
We will respond to all requests for access to or correction of personal information within a reasonable period.
We will generally provide you with access to your personal information (subject to some exceptions permitted by law) but may charge an access fee to cover the cost of retrieving the information and supplying it to you.

Complaints

Please contact us (using the contact details at the end of this policy) if you have any concerns or complaints about the manner in which we have collected or handled your personal information. We will inquire into your complaint and respond within a reasonable period of time (usually 30 days).
If you are not satisfied with our response after 30 days, you can lodge a complaint with the Office of the Australian Information Commissioner by visiting www.oaic.gov.au, calling 1300 363 992 or by emailing [email protected].

Contact details

If you would like more information about the way we manage personal information, would like to request access to, or correction of, personal information that we hold about you, or wish to make a complaint, please contact us by either:
Email – [email protected]
Attention – Privacy Officer
Post – GPO Box 3149, Brisbane QLD 4001
Telephone – +61 7 3166 5489

Changes to our privacy policy

From time to time, it may be necessary for us to review and revise our Privacy Policy. We may notify you about changes to this Privacy Policy by posting an updated version on our website. We encourage you to check our website from time to time to ensure you are familiar with our latest Privacy Policy.
Our Privacy Policy was last updated in December 2024.
MerchantWarrior

Call Us
09 887 0606

Contact
[email protected]

  • Australia United Kingdom United States Singapore India Hong Kong