Privacy Policy

Bill Hero Privacy Policy

Who we are

Bill Hero Holdings Pty Ltd is Registered in Australia, ABN 74 637 776 311. Our registered address is Bill Hero, Level 17, HWT Tower, 40 City Road, Southbank, VIC 3006, Australia.

Our commitment to your Privacy

At Bill Hero, we take your privacy seriously. Our guiding philosophy is that your personal information should be used for your own benefit.

We will always handle your personal information in accordance with applicable laws.

About this Policy

This policy explains:

• What is the personal information we collect from you
• How we collect and store your personal information
• How we use your personal information
• When and to whom will we disclose your personal information
• Your right of access to your personal information
• Your right to inspect and correct the personal information that we hold about you
• Your right to have your privacy complaints investigated and resolved
• Your right to have your personal information protected from misuse or unauthorised access
• Your right to be informed about data breaches

What is the personal Information we collect from you

Bill Hero is a retail energy plan comparison and switching facilitation service. Some Personal information is required to use the Bill Hero service.

To use the Bill Hero service, you must provide personal information:

• You must provide your full name
• You must upload your energy bill – energy bills contain customer name, energy supply address, and may also include a separate billing address
• You must provide an email address
• You must provide a contact telephone number.

To initiate a switch application through the Bill Hero service, you must provide additional personal information as required by your chosen Retailer. This may include:

• Your full name and preferred title or salutation
• Your energy supply address
• Your billing address
• Your medical devices declaration
• Your ID type and identifier
• Your Concession type and identifier

How we collect and store your personal information

We collect the information you provide to us, when you complete your subscription to the Bill Hero service.  This information may include personally identifying information such as your name, address, telephone number, mobile number, e-mail address, driver's license number or passport number.

We store your personal information in secure data centres, operated by reputable cloud service providers.

Access to our information systems is controlled through identity authorisation, passwords and 2FA tokens.

How we use your personal information

We use your personal information to enable the driver'sprovision of our services:

• To provide our services or information you request, and to process and complete any transactions;
• To respond to your emails, submissions, questions, comments, requests, and complaints and provide customer service;
• To monitor and analyse site usage and trends, and to personalise and improve our site and our users’ experiences on our site;
• To send you confirmations, updates, security alerts, and support and administrative messages and otherwise facilitate your use of, and our administration and operation of, our site;
• For any other purpose for which the information was collected and related purposes which would be reasonably expected by you;
• For other purposes to which you have consented; and
• As otherwise authorised or required by law.

When and to whom will we disclose your personal information

We will not share the personal information we collect from you with third parties, except as described in this privacy policy or as otherwise disclosed to you as permitted by law. For example, we share personal information as follows:

• With energy retailers only in order to facilitate your application for and purchase of retail energy products;
• With service providers who are working with us in connection with the operation of our sites or our services;
• When you give us your consent to do so, including if we notify you on our site that the information you provide will be shared in a particular manner, and you provide such information;
• When we are lawfully authorised or required to do so or where doing so is reasonably necessary or appropriate to comply with the law or legal processes or respond to lawful requests or legal authorities, including responding to lawful subpoenas, warrants, or court orders;
• To enforce or apply our privacy policy, our terms of use or our other policies or agreements;
• In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition, or in any other situation where personal information may be disclosed or transferred as one of the business assets of us; and
• Otherwise, as permitted or required by law.

Your right of access to your personal information

We will support your right to access and view any personal information we hold about you. To request access to your personal information, please contact [email protected]. Proof of identity will be required

Your right to inspect and correct the personal information that we hold about you

We will support your right to update or correct any personal information we hold about you. To request corrections and updates to the personal information we hold about you, please contact [email protected]. Proof of identity will be required.

Your right to have your privacy complaints investigated and resolved

We strive to meet or exceed the highest standards to protect your privacy and support your personal data sovereignty. Please contact us at [email protected] If you believe we have mishandled your personal information or have otherwise infringed your statutory privacy rights or the requirements of the privacy frameworks we adhere to. Any complaint must be made in writing.

We will treat privacy complaints with the highest priority, and we commit to respond to any such complaint within 14 days.

Your right to have your personal information protected from misuse or unauthorised access

The Bill Hero service is hosted in secure data centres operated by reputable cloud service providers. To help protect the privacy of data and personal information we collect and hold, we maintain physical, technical and administrative safeguards.

We train our employees about the importance of confidentiality and maintaining the privacy and security of your information. Access to your personal information is restricted to employees who need it to provide benefits or services to you.

Your right to be informed about data breaches

We will adhere to the Notifiable Data Breaches scheme (NDB scheme) in Part IIIC of the Privacy Act which requires us to notify affected individuals and the Privacy Commissioner about ‘eligible data breaches’. An eligible data breach occurs when the following criteria are met:

• There is unauthorised access to or disclosure of personal information held by an entity (or information is lost in circumstances where unauthorised access or disclosure is likely to occur).
• This is likely to result in serious harm to any of the individuals to whom the information relates.
• The entity has been unable to prevent the likely risk of serious harm with remedial action.

Under the NDB scheme, we must also conduct an assessment if it is not clear if a suspected data breach meets these criteria. The assessment will determine whether the breach is an ‘eligible data breach’ that triggers notification obligations.