Right Solution
Right Price
Right Now

Privacy Policy

This Privacy Policy was last updated on 25 January 2023.

1. General

1.1 This Privacy Policy applies to all Personal Data collected by One Stop Warehouse Pty Ltd (ACN 161 849 323) and each of its associated entities as appropriate, including One Stop Warehouse Finance Pty Ltd ACN 609 758 143 (‘OSWF’), a proprietary limited company registered in Australia (together, OSW, we, our and us).

1.2 OSW is committed to complying with its obligations under the Privacy Act 1988 (the Act) and the Australian Privacy Principles (APP) in respect of that information. If you are located in California, United States of America, additional local requirements under the California Consumer Privacy Act(CCPA) may apply.

1.3 If you are located in, or are a citizen of the European Union, you may have additional rights under the European Union General Data Protection Regulation (GDPR), please see our European Union (EU) and United Kingdom (UK) privacy and cookie policies available on our Website. If you are accessing our Websites and Services from another jurisdiction, additional local requirements may apply,

1.4 In this Privacy Policy, we explain how and why we collect your Personal Data, how we use it, and what controls you have over our use of it. Please read this Privacy Policy carefully. If you do not agree with the terms and conditions of this Privacy Policy, please do not use our Websites and Services.

2. Definitions

2.1 In this Privacy Policy:

(a) American CAN-SPAM Act means the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003.

(b) Data Protection Laws means the laws that are designed to protect Personal Data and privacy in the place where you live. For the purpose of this Privacy Policy, these include:

(i) the Australian Privacy Act 1988 (as amended, the AU Privacy Act); and

(ii) the California Consumer Privacy Act (CCPA).

(c) Government Related Identifiers means an identifier assigned to any individual by an agency, a State or Territory authority, an agent of an agency, or State or Territory authority, acting in its capacity as agent; or a contracted service provider for a Commonwealth contract, or a State contract, acting in its capacity as contracted service provider for that contract.

(d) OAIC means the Office of the Australian Information Commissioner.

(e) Payment Processors and Payment Facilitators refers to third-parties that process your payments for the Services.

(f) Personal Data means information about you which personally identifies you or may reasonably be used to personally identify you pursuant to Data Protection Laws. The AU Privacy Act and CCPA refer to the comparable concept of ‘Personal Information’, in this Policy, any reference to Personal Data shall include Personal Information.

(g) Processing, including process, refers to the broad terms for collection, storage, transfer, use, or other action related to your Personal Data.

(h) Sensitive information has the meaning given to that term in the AU Privacy Act, including Data Protection Laws where the term holds a corresponding meaning.

(i) Services refers to services provided by OSW to you, which may include, but is not limited to,

(i) the promotion, sourcing, ordering and provision of OSW products, solutions and supporting services; and

(ii) the engagement of employees, contractors (including subcontractors), consultants, and agents in the ordinary course of OSW business.

(j) Websites means each of the following websites available at:

(i) https://www.osw.energy/;

(ii) https://www.greendeal.com.au/;

(iii) https://osw.energy/nl/;

(iv) https://osw.energy/pl/;

(v) https://osw.energy/it/;

(vi) https://osw.energy/fr/;

(vii) https://osw.energy/de/; or

(viii) any other website from time to time from which the Services are promoted and/or delivered.

(k) You or your means you as an individual using our Websites, Services or otherwise contacting us (on your own behalf, or for another individual or entity).

3. Types of Personal Data we collect

3.1 We may collect, use, store and transfer various types of Personal Data, including:

(a) Identity Data including your name, domain name, location, gender and date of birth;

(b) Contact Details including billing address, email address for primary and secondary contacts and telephone number;

(c) Financial Data including bank account and payment card details, including credit card number and expiry date and security code (CVC);

(d) Transaction Data including details about payments made to and from you in connection with the Services, identity of customers, resellers or suppliers (as applicable), details of activities listed, booked, or otherwise dealt with through our Services and all other information convenient in relation to the provision of our Services;

(e) Technical Data including internet protocol (IP) address, your login data, browser type and version, access times, webpage you are directed from, webpage(s) or content you historically accessed for us, time zone settings and location, browser plug-in versions and types, operating system and websites, and other technology in devices used to access our Websites and/or Services or the users of our Services;

(f) Profile Data including your username and password, portal preferences, feedback and survey responses;

(g) Usage Data including information about your usage of our Websites and Services including information retrieved from ‘cookies’; and

(h) Marketing and Communications Data including your preferences in receiving marketing from us and communicating with us, including our third parties;

(i) Employee and contractor record information including health information (as applicable), engagement, training and discipline information, terms of engagement information, emergency contact numbers, remuneration details, membership of a professional or trade association (as applicable), trade union membership (as applicable), leave entitlements, superannuation details, and Government Related Identifiers (for only collecting, using, or disclosing as reasonably necessary for the Services); and

(j) any other Personal Data that may be required in order to facilitate your dealings with us.

3.2 Where we solicit Personal Data, we only collect:

(a) non-Sensitive Information, if it is reasonably necessary for our Services;

(b) Sensitive Information, if it is reasonably necessary for or directly related to our Services and you have consented to its collection, or its collection is permitted or authorised by law.

3.3 We may collect various other types of Personal Data, including Sensitive Information, in the course of conducting our business where it is provided to the users of the Services or other persons without being solicited, in accordance with clause 8.

4. How we collect Personal Data

4.1 We may collect Personal Data about you through any of the following methods:

(a) Direct interactions where you provide us with Identity, Profile, Contact, Financial and Transaction Data through completing documentation for us or communicating by phone, email, post, via our Websites or otherwise. This includes Personal Data that is provided to us when you:

(i) access or use our Websites;

(ii) request or participate in our Services;

(iii) request marketing from us;

(iv) provide us with feedback; or

(v) communicate with us via email, telephone, SMS, our Website, or social media; and

(vi) otherwise deal with us in the course of our business.

(b) Automated technology and data where you interact with our Websites and/or Services, we automatically collect Technical, Usage and Marketing or Communications Data. We collect this Personal Data using particular service providers, cookies and server logs/log files.

(c) Third parties or publicly available sources where Personal Data about you is made available as follows:

(i) Technical Data from advertising networks, search information providers and analytics providers;

(ii) Contact, Financial and Transaction Data from technical and payment services connected to our Services;

(iii) Identity and Contact Data made available from public sources, law enforcement or government entities in other jurisdictions (as applicable); and

(iv) Identity and Contact Data from third-party applications where the Services require the import of information about users and their clients to fulfil activities and facilitate payments.

4.2 If we solicit Personal Data, we will generally solicit it directly from the person it relates to or their agents, unless it is unreasonable or impracticable for us to do so. Where we collect Personal Data about you from a third party without your prior consent, we will take reasonable steps to inform you that we have collected Personal Data.

4.3 You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

4.4 Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that information when requested or withdraw your consent to us processing your Personal Data (where applicable) we may not be able to perform the contract we have or are trying to enter with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

5. How we store and protect Personal Data

5.1 We prioritise the security of your Personal Data whilst it is in our possession. We may hold Personal Data in various forms, including but not limited to physical documents, electronic records, visual records, and audio recordings. Physical files are kept securely inside our access-controlled premises. Electronic files are stored securely on protected information systems and are only accessible through our secure network. We maintain physical security over our paper and electronic data stores, and confidentiality agreements form part of the employment contracts for all of our staff members and contractors.

5.2 We take reasonable steps to:

(a) ensure that Personal Data we collect is accurate, up-to-date, complete and relevant, other than where it is only collected to provide advice in respect of a particular point in time, in which case we will seek to ensure it is accurate, complete and relevant as at that particular point in time;

(b) ensure that Personal Data we use or disclose is accurate, up-to-date, complete and relevant, having regard to the purposes for which Personal Data is used or disclosed;

(c) protect Personal Data from misuse, interference, and loss, and from unauthorised access, modification, or disclosure; and

(d) destroy or de-identify Personal Data which we no longer need for the purposes for which it was collected, except where it is necessary to retain it in order to maintain ongoing records for our clients.

5.3 We cannot guarantee the security of information transmitted via the internet. As such, transmission of Personal Data via the internet is at your own risk and we cannot be held responsible for the security of such information.

5.4 We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory authority of a suspected data security breach where the Data Protection Laws in that jurisdiction require us to do so, and within the timeframe required by the relevant Data Protection Law.

6. How we use your Personal Data

6.1 We may collect, hold, use, and disclose your Personal Data for the following purposes:

(a) for the purpose(s) for which it was disclosed to or collected by us;

(b) facilitating interactions with you in the course of operating our business;

(c) responding to your enquiries and information requests;

(d) providing services (including the Services) to our customers if it was validly collected for that purpose;

(e) storing information at third-party data centres;

(f) updating your Personal Data;

(g) complying with our legal obligations;

(h) employing staff, including conducting criminal reference checks and other background checks permitted by law;

(i) for secondary purposes where it would be reasonable to expect us to do so, and that secondary purpose is related (or directly related in the case of Sensitive Information) to the primary purpose for which it was collected; and

(j) for any other purposes for which you have consented from time to time.

6.2 We may hire third parties to provide limited services on our behalf, such as processing payment transactions, or performing statistical analysis of our Services. We will only provide those third parties with the Personal Data they need to deliver the specific services and take reasonable steps to ensure that these third parties maintain the confidentiality of your information and are prohibited from using that information except for the purposes for which it was supplied.

6.3 OSW does not store Financial Data that is collected and processed for billing or payment purposes on servers and equipment it controls. This Personal Data is stored on servers and other equipment managed by the Payment Processors and Payment Facilitators as described under this Policy.

6.4 OSW may disclose your Personal Data, without your notice or prior consent, only for:

(a) Good Faith purposes where it is reasonably believed appropriate to disclose information to a party in connection with the deficient provision of our Services to you or users of our Services;

(b) Adherence to the law where it is required or in good faith reasonably believed that such action is necessary to comply with applicable law, codes of conduct or legal process served on us in relation to our business;

(c) Permitted contractors who provide licensed collection services, payment processing and are required to comply with our Privacy Policy, provided we take reasonable steps to ensure that these third parties maintain the confidentiality of your information and are prohibited from using that information except for the purposes for which it was supplied;

(d) Sale of business where we entirely, or in part, sell our business; and

(e) Protection of personal safety of users of our Services, Websites, our personnel, or the public in circumstances deemed extremely necessary.

6.5 Australia

(a) In Australia, the legal basis for our processing of Personal Data is your informed consent, and by submitting this Personal Data, you acknowledge having granted this consent to OSW.

(b) To the extent that we processed your Personal Data before the commencement date of the relevant Data Protection Laws in Australia, you consent to us continuing to process such Personal Data in accordance with this Privacy Policy.

6.6 CCPA

(a) The California Consumer Privacy Act (CCPA) provides California consumers with the right to request access to their Personal Data, additional details about our information practices and deletion of their Personal Data (subject to certain exceptions). California consumers also have the right to opt out of sales of Personal Data, if applicable.

(b) OSW describes how California consumers can exercise their rights under the CCPA below. Please note that you may designate an authorized agent to exercise these rights on your behalf by providing written materials demonstrating that you have granted the authorized agent power of attorney. Please note that if an authorized agent submits a request on your behalf, OSW may need to contact you to verify your identity and protect the security of your Personal Data.

(c) OSW will not fulfill your CCPA request unless you have provided sufficient information for OSW to reasonably verify you are the consumer about whom OSW collected Personal Data. OSW will not discriminate against you if you choose to exercise your rights under the CCPA.

(d) You may request, no more than twice in a twelve (12) month period, access to the specific pieces of Personal Data OSW has collected about you in the last twelve (12) months. You may also request additional details about our information practices, including the categories of Personal Data OSW has collected about you, the sources of such collection, the categories of Personal Data OSW shares for legitimate business or commercial purposes, and the categories of third parties with whom OSW shares your Personal Data. You may make these requests by contacting using the contact information provided below. After submitting your request, please monitor your email for a verification email. OSW is required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.

(e) You may request, no more than twice in a twelve (12) month period, transportable copies of your Personal Data that OSW has collected about you in the last twelve (12) months. You may make these requests by contacting using the contact information provided below. After submitting your request, please monitor your email for a verification email. OSW is required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.

(f) You may request that OSW deletes the Personal Data OSW has collected about you. Please note that OSW may retain certain information as required or permitted by applicable law. You may make these requests by contacting us using the contact information provided below. After submitting your request, please monitor your email for a verification email. OSW is required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.

(g) California residents are entitled to ask us for a notice identifying the categories of Personal Data which OSW shares with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties. If you are a California resident and would like to exercise your rights under CCPA, please submit a written request using the information provided below. Our privacy team will examine your request and respond to you as quickly as possible.

7. Direct Marketing

7.1 We will only send you direct marketing communications and information via mail, email, and social media platforms about our Services with your consent.

7.2 If you do not provide your consent to receive direct marketing communications, you may opt-out of receiving marketing communications from us by contacting us at the details below or by using opt-out facilities provided in our communications.

7.3 We do not provide your Personal Data to other organisations for the purposes of their direct marketing. OSW’s practices in regard to its email are designed to be compliant with anti-spam laws, including Australia’s Spam Act 2003 and the American CAN-SPAM Act.

7.4 If you believe you have received mail in violation of these laws or any other anti-spam law, please contact us using the contact information in this Policy.

8. Unsolicited information

8.1 If you provide Personal Data that we have not requested, we will only retain it in limited circumstances. We will only retain the unsolicited information if it is reasonably necessary for us to provide you with the Services, and you have consented to the information being collected, or it was not practical or reasonable for us to obtain your consent under the circumstances.

8.2 If these conditions are not met, we will destroy the unsolicited information. If the unsolicited information we receive about you is Sensitive Information, we will always obtain your consent.

9. Overseas transfer of Personal Data

9.1 We share your Personal Data within OSW. This may involve transferring your data outside Australia, and the United States of America.

9.2 Whenever we transfer your Personal Data, this transfer will be completed with a requisite degree of protection.

9.3 In the following locations, we will use the safeguards listed that are applicable to your transfer of Personal Data:

(a) United States (California) - Your Personal Data will only be transferred to entities in the United States of America that: (1) have signed agreements with us or have notified us that they are GDPR-compliant; and (2) have concluded standard contractual clauses for the transfer of Personal Data; and

(b) Australia - We may transfer your Personal Data to entities in Australia, however we rely on binding corporate rules for OSW to protect your Personal Data.

9.4 We will attempt to ensure that persons to whom the disclosed Personal Data relates have comparable rights in relation to that information once disclosed overseas. Please note you have the right to refuse to have your Personal Data transferred overseas and you must contact our OSW privacy officer to make this request. However, you acknowledge that making this request may prevent you from being able to use part or all of our Services (as applicable).

10.Updating Personal Data

10.1 Unless otherwise provided in this Policy, it is important that your Personal Data is accurate and current. Please keep us notified of changes to your Personal Data during your relationship with our business.

11. Children’s privacy statement

11.1 OSW’s Websites and Services are not intended for persons under 18 years of age (‘Children’). We do not knowingly collect and use Personal Data from Children.

11.2 In the event we become aware of any inadvertent receipt of Personal Data from Children through the Websites or Services, we will delete such information from our records in accordance with applicable law.

12. Using our Websites and cookies

12.1 To improve your experience on our Websites, we may use ‘cookies’: small data files that are served by our platform and stored on your device. These are used by us or third parties for a variety of purposes including to operate and personalise the Websites. Cookies may be used for recording preferences, conducting internal analytics, conducting research to improve our offering, assisting with marketing and delivering certain website functionality.

12.2 You may refuse to accept cookies by selecting the appropriate setting on your internet browser. However, please note that if you do this, you may not be able to use the full functionality of our Websites.

13. Third-party sites

13.1 For your convenience and to improve the usage of the Website and Services we may insert links to third-party websites, applications, or resources, for which this Privacy Policy does not apply.

13.2 OSW is not responsible for those third-party websites, applications, or resources. If you access such websites, applications, or resources, you do so at your own risk, and we make no representations or warranties regarding third parties’ privacy practices. We encourage you to read the privacy statements/policies of every website, application, or resource you use.

13.3 When we do link to a third-party website, application, or resource, this does not automatically imply that OSW endorses that website, application, resources, and their contents. Our Privacy Policy does not cover the use of cookies by any third parties.

14. Data Retention

14.1 We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

14.2 To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means.

14.3 We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

14.4 In some circumstances you can ask us to delete your data, as set out in this Privacy Policy.

14.5 Where we anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, we may use this information indefinitely without further notice to you.

15. Accessing or correcting your Personal Data

15.1 We are committed to maintaining accurate, timely, relevant, and appropriate information.

15.2 Where requested, we will provide you with a copy of the Personal Data that we hold which relates to you, provided that the request is made in accordance with the APPs (contained in the Act). We will also update any inaccurate information about you if you inform us that the information is inaccurate, out of date, incomplete, irrelevant, or misleading.

15.3 There are no charges for requesting access to or the correction of your Personal Data, however if the volume of information we hold is excessively large, we reserve our rights to charge you any reasonable administration fees (including fees for photocopying) associated with your request.

15.4 You can contact our OSW privacy officer regarding access to or correction of your information by the following method:

Email: meme.ong@osw.energy

15.5 We will respond to those requests within 30 days in accordance with our obligations under the Act. If we refuse a request to access or correct Personal Data, where reasonable, we will provide you our reasons for doing so and information about your ability to complain about such refusal.

15.6 To protect the confidentiality of your Personal Data, details of your information will only ever be passed on to you where we are satisfied that the information relates to you. Accordingly, we may request documentation from you which confirms your identity before passing on any Personal Data which relates to you.

16. Complaints

16.1 If you have a complaint about our Privacy Policy or the collection, use, disposal or destruction of your Personal Data, your complaint should be directed in the first instance to our OSW privacy officer at the details set out above.

16.2 We will investigate your complaint and attempt to resolve any breach that might have occurred in relation to the collection, use or destruction of Personal Data held by us about you in accordance with the Act. If you are not satisfied with the outcome of this process, then:

(a) if you are in Australia, you can make a complaint to the OAIC; and

(b) if you are in California, United States of America, we invite you to contact our OSW privacy officer.

If you are in the United States of America, you can contact the California Privacy Protection Agency. You can reach them by email (info@cppa.ca.gov).

16.3 If we cannot resolve your complaint to your reasonable satisfaction, within a reasonable time, either we or you may refer the complaint to the applicable Privacy Commissioner or supervisory authority as listed in clause 16.2.

17. Privacy Policy changes

17.1 The date at the top of this page indicates when this Privacy Policy was last updated. From time to time, we will have to update this Privacy Policy, and we will update it no less than once every 12 months.

17.2 You can always find the latest version of this Privacy Policy on our Websites at https://www.osw.energy/ and https://www.greendeal.com.au/ and it will apply to all your Personal Data held by us at that time. We will always post a notice on the Website if we make significant changes. If you have provided us with an email address as part of your interactions with OSW, we will also email you to tell you the Privacy Policy has been updated, and what the important changes are. Historic versions of this Privacy Policy can be obtained by contacting us.

17.3 We reserve the right to make amendments to this Privacy Policy at any time. Unless otherwise provided in this Privacy Policy, it is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

18. Further Information

18.1 If you require any further information or have any queries regarding our Privacy Policy, please contact the relevant OSW representative at the details set out above. Should you wish to read more information on the AU Privacy Act, we recommend that you visit the website of the OAIC at www.oaic.gov.au.