1. Who we are
This Privacy Policy describes how MEMBERBenefits Pty Ltd (ABN 19 090 691 080), trading through brands including Employee Benefits Program, Presidential Card, Member Benefits, Perkly and other whitelabel programs, collects, uses and protects your personal information.
In this policy:
• “we”, “us” and “our” means MEMBERBenefits Pty Ltd and its brands
• “you” means a member, employee, cardholder, website visitor or other person whose information we handle
We manage benefits programs for employers, member organisations and volunteer agencies, including online shopping, gift cards and discount offers.
We handle personal information in line with:
• Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
• Notifiable Data Breaches Scheme
• Privacy and Data Protection Act 2014 (Vic) and the Information Privacy Principles (IPPs) when we provide services to Victorian public sector entities
⸻
2. What personal information we collect
The information we collect depends on how you interact with us, but may include:
Identity and contact
• Name
• Email address
• Postal address
• Phone number
Program and membership details
• Employer or member organisation
• Program name, membership number or employee ID
• Team, site, region or brigade name
• Role or employment status where needed to verify eligibility
Account and usage information
• Username or login email
• Encrypted password and security details
• Login dates and times
• Pages visited, offers viewed and redemptions made
• Support requests and communications with us
Order and payment information
• Products and services ordered
• Gift card and voucher details
• Payment method, payment status and transaction references
• For card payments, limited details needed to process the transaction through our payment gateway
We do not store full credit card numbers in our own systems. These are processed by secure third-party payment gateways.
Technical information
When you use our websites or platforms we may collect:
• Device type, browser, operating system
• IP address and general location
• Cookies and similar tracking data
• Activity logs and error logs
Sensitive information
We do not usually collect sensitive information. In rare cases a client may give us information about health, union membership or similar for eligibility checks or program design. We only collect or use this:
• With your consent, or
• Where required or allowed by law, or
• Where a government client requires it and provides lawful authority
⸻
3. How we collect personal information
We may collect information:
• Directly from you when you register, log in, place an order, contact us or complete a form
• From your employer, union, association or volunteer organisation that has engaged us to provide a benefits program
• From our websites and online services using cookies and similar technologies
• From third-party systems that you or your organisation connect to our platform
These can include cloud services such as:
• Email and collaboration platforms such as Google Workspace
• Customer relationship and marketing platforms such as HubSpot
• Website and membership systems (for example WordPress, WooCommerce and membership plugins)
• Analytics, logging and support tools
When it is reasonable and practical we collect personal information from you directly.
We only collect information by lawful and fair means and only what we need to run our programs and services.
⸻
4. Why we collect and use your information
We use personal information for the following purposes:
To run the benefits programs
• Verify eligibility and create member accounts
• Provide access to websites, apps and membership portals
• Show offers, discounts and program content relevant to your program
• Process orders, gift cards and redemptions
• Coordinate delivery of eGift cards and physical cards
To support you
• Respond to questions and support requests
• Troubleshoot login and technical issues
• Investigate and resolve offer or supplier issues
To manage our relationship with clients
• Provide reporting to employers and member organisations, often in aggregated or de-identified form
• Help clients understand usage, engagement and savings
• Support onboarding, renewals and program design
To improve our services
• Monitor site performance and fix problems
• Analyse usage patterns to improve offers and user experience
• Test new features and channels such as mobile apps
For communications and marketing
• Send service messages, program updates and important notices
• Send optional news and promotional content about offers, savings and program enhancements
You can opt out of marketing emails at any time by using the unsubscribe link or contacting us. Service and transactional emails will still be sent where needed.
To comply with law and manage risk
• Meet obligations under the Privacy Act, Australian Consumer Law and other relevant laws
• Prevent, detect and investigate fraud or misuse
• Respond to lawful requests from regulators, law enforcement or government bodies
⸻
5. Cookies and analytics
Our websites and portals use cookies and similar technologies to:
• Keep you signed in
• Remember your preferences
• Measure site performance and usage
• Improve the relevance of offers and content
We may use analytics and marketing tools, which can include services such as Google Analytics or similar platforms.
You can block or delete cookies in your browser settings, although some features may not work properly if you do.
⸻
6. Who we share your information with
We may disclose personal information to:
Your employer or member organisation
• To verify eligibility and membership
• To provide usage and savings reports, usually in aggregated or de-identified form
• To support inquiries they make on your behalf
Service providers
We use trusted third parties to help deliver our services, such as:
• Website and application hosting
• Cloud email and document platforms such as Google Workspace
• Customer relationship and marketing platforms such as HubSpot
• Payment gateways and financial service providers
• Gift card and benefit providers
• Data storage, backup and security services
• IT support and development partners
We only share information they need to provide their services and require them to protect it.
Government and regulators
• Government departments, regulators or law enforcement when required or allowed by law
Other parties
• Professional advisers such as lawyers, auditors and accountants
• Any party you have authorised us to share information with
We do not sell your personal information.
⸻
7. Overseas disclosure
Some of our service providers or their systems may be located outside Australia or may store data in multiple regions.
We take reasonable steps to ensure that any overseas disclosure of personal information is handled in line with:
• The Australian Privacy Principles
• Our contracts with clients, including Victorian public sector entities
• Any specific requirements under the Privacy and Data Protection Act 2014 (Vic) when we act as a contracted service provider
This may include:
• Contract terms that require comparable privacy protections
• Provider due diligence and security reviews
⸻
8. How we protect your information
We use a mix of technical, physical and organisational measures to protect personal information from misuse, loss and unauthorised access, modification or disclosure.
These include:
• Limiting access to staff and contractors who need information to do their jobs
• Role-based access controls and password policies
• Secure cloud platforms with access logging and encryption in transit
• Secure handling of payment information through specialist payment gateways
• Staff training on privacy and data security
• Secure disposal or de-identification of information when no longer required
No system is perfect, but we work to maintain a strong and up to date security posture, including for our cloud providers and integrated systems.
⸻
9. Notifiable data breaches
If we experience a data breach that is likely to result in serious harm to individuals, we will:
• Assess the incident promptly
• Take steps to contain and remediate the breach
• Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) where required
• For Victorian public sector work, meet any additional reporting duties to the Office of the Victorian Information Commissioner (OVIC)
⸻
10. Access to and correction of your information
You can request access to the personal information we hold about you and ask us to correct it if it is inaccurate, incomplete or out of date.
We may need to verify your identity before giving access or making changes.
In some cases we may refuse access or correction where the law allows this, for example:
• Where the request is frivolous or vexatious
• Where access would unreasonably impact the privacy of others
• Where access would pose a serious threat to life, health or safety
• Where access would interfere with law enforcement or regulatory activities
If we refuse access or correction we will explain why, and outline how you can complain if you are not satisfied.
⸻
11. Anonymity and pseudonyms
Where practical, you can choose not to identify yourself or to use a pseudonym when dealing with us.
This is not possible where we need to verify your identity or eligibility, such as to provide benefits, process orders or respond to account-specific queries.
⸻
12. Data retention and destruction
We keep personal information only for as long as it is needed for:
• The purposes described in this policy
• Our contracts with clients
• Legal, tax and accounting requirements
After that, we take reasonable steps to destroy or permanently de-identify the information.
This may involve secure deletion of electronic records and secure destruction of physical records.
⸻
13. Credit card and online payments
When you pay for products or services by card, payments are processed through secure third-party payment gateways.
• We do not store full card numbers in our own systems
• Gateways and banks handle card details in line with their own security and PCI-DSS obligations
• We receive confirmation of payment status and summary details such as transaction reference and last four digits only
When we introduce new payment methods, we will ensure they are integrated in line with this approach.
⸻
14. Third-party websites
Our websites and emails may contain links to third-party sites and services, including retailers and benefit providers.
We are not responsible for the privacy practices of those sites. You should review the privacy policies of any third-party service you use.
⸻
15. Complaints and contact details
If you have any questions, concerns or a complaint about how we handle your personal information, please contact:
Privacy Officer
MEMBERBenefits Pty Ltd
PO Box 2200
Mornington VIC 3931
Email: info@memberbenefits.com.au
Tell us:
• Your name and contact details
• What you are concerned about
• Any relevant dates, program names or reference numbers
We will investigate and respond as soon as we can, usually within 30 days.
If you are not satisfied with our response, you can contact:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
For Victorian government-related matters you can also contact:
Office of the Victorian Information Commissioner (OVIC)
Website: www.ovic.vic.gov.au
⸻
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The latest version will be published on our websites.
The updated policy will apply from the date it is posted and will not change how we handled personal information in the past.