Vault Privacy Policy

      1. Privacy Policy

Policy last updated: 14 March 2024

1. Purpose and nature

Vault Payment Solutions Group Pty Ltd (ACN 632 373 105) (‘Vault’, ‘We’ ‘Us’ and ‘Our’) hosts a digital platform that facilitates users to securely and efficiently issue and manage prepaid cards and other loyalty, rewards and gift cards (Vault Platform). Following issue of these cards, transactions can be made in-store, online or via an app, that allow the secure exchange of financial data between customers, merchants, and any certified payments processor and issuer of prepaid cards (‘Issuer’) We provide. The current issuers we work with is eNett International (Singapore) Pte. Ltd., registered in Singapore, Company No. 201717379M, AFSL 441376 (‘WEX’).

We collect your personal information so We can offer you the best possible service.

The purpose of this Privacy Policy is to inform you how We intend to collect, store, use, disclose, protect and otherwise handle your personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (‘Privacy Act’). We understand that the privacy of your data is important to you.

We will only collect your personal information in a lawful and reasonable way that is non-invasive. When you provide Us with your personal information you consent to the use, disclosure and handling of that personal information in accordance with this Privacy Policy (as reasonably amended from time to time).

There may be occasions when We permit your personal information to be shared with a related entity, including Our related companies, an Issuer, business partners, other third parties and their respective employees, in order for them to supply the services from the Vault Platform or otherwise provide services to you. This includes the transfer to and storage of your personal information overseas, such as in the United States of America and Singapore. We will take reasonable steps to ensure that any overseas recipient will deal with your personal information in a way that is consistent with the APPs.

We do not make any representations, guarantees, warranties or promises as to the way in which We or our business partners (including an Issuer) will or may use, store, collect, dispose, protect or otherwise handle your personal information.

The WEX privacy policy can be accessed at:

2. Personal Information

“Personal information” is information or an opinion about someone, including things like name, address, email, address, date of birth or driver’s licence number where the person it is about is identified or reasonably identifiable.

We also collect financial information such as any bank or credit card details used to transact with Us and other information that allows Us to transact with You and/or provide You with our services.

3. Vault’s collection of your personal information

Your personal data is collected for the primary purpose of Us facilitating the issue and management of prepaid financial products, digital gift-cards and reward codes/coupons via the Vault Platform. When you use the Vault Platform to register for prepaid financial products, digital gift-cards and reward codes/coupons the information relating to the cards including your encoded gift card information is sent to the Issuer. This data is then processed by the Issuer and utilised to facilitate payment to a merchant for goods and services when authorised.

Your personal information may also be used by Us for authenticating users, administering, improving and personalising the Vault Platform, technological development, marketing, for anti-money laundering, counter-terrorism financing, detection of crime, legal compliance, and fraud prevention purposes, and supporting Our business functions.

We may also hold, use or disclose your personal information to:

a) Inform and address any complaint that you raise with Us and any subsequent legal action;

b) prevent and investigate any actual or suspected fraud, unlawful activity or misconduct;

c) establish your identity; or

d) comply with any relevant laws, regulations, codes of practice, requirements of regulatory authorities and court orders.

If you do not agree to allow Us to collect your personal information We may not be able to provide you goods or services.

4. Collecting and retaining your information

a) The types of personal information collected by Us include: Your name, address telephone number, email or other contact information:

b) prepaid card information;

c) rewards, loyalty and gift card information;

d) Vault Platform account information, including usernames and passwords;

e) your device data (E.g. IP addresses, phone numbers and mobile network operators);

f) location data;

g) transaction data.

No prepaid card numbers are retained on the Vault Platform. Only a portion of a unique identifier number is stored on the Vault Platform for the purpose of authentication by an Issuer.

Collection of sensitive information

We do not collect, use or disclose sensitive information. Sensitive information is characterised by law as an opinion as to an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Provided is it practical to do so We will collect personal information directly from you.

We may collect your personal information via any of channel of communication you use to contact Us. Where necessary We may also collect information about you from a third party including from Issuers. However, We will only do this in the event that it is not reasonable and practicable to collect the information from you directly. Where We collect your information from a third party, such personal information will be, used and disclosed by Us in accordance with this Privacy Policy.

Online data collection

Whenever anyone uses Our website We collect data about their visit. We use that data for various purposes, including improving and maintaining Our site’s usability and security. We may also collect information based on how you use Our website, by using ‘cookies’, web beacons and other similar technologies.

Unsolicited information

In the event that We receive information from you that We have not asked for and which is not necessary for Our provision of goods and services to you We will de-identify and destroy such information in a lawful manner (this includes any information received from a minor).

Direct Marketing

We continue to develop new products and services, and we may use your personal information to offer you products and services in which we think you might be interested.

5. Storing Personal Information

We take the security of your personal information seriously. In order to keep your personal information safe, We take reasonable steps to protect your personal information from misuse, loss and unauthorised access, modification or disclosure.

Whenever We store your personal information, We will always take proper steps to protect it, as detailed in Australia’s privacy legislation. When We no longer need your information, it will be destroyed, deleted or de-identified.

Although We will do Our best to keep your information safe, there always remains a risk of that information being compromised (e.g. by third party malicious or criminal attacks). You should always make sure to keep any personal and login details safe, and educate yourself on the best ways to safeguard your information, e.g. protect your card and banking details avoid sharing passwords and PINs and keep up to date with any security material provided to you.

6. Disclosure of your personal information

We will only disclose your personal information to third parties in the following circumstances:

a) to sub-contractors that provide services to Us to facilitate the services We provide to you;

b) to an Issuer, for purposes that may include establishing your identity, anti-money laundering, counter-terrorism financing, detection of crime, legal compliance, and fraud prevention purposes;

c) to Issuers for the purpose of processing of your transactions utilising a prepaid card; and

d) as otherwise may be required by Us to facilitate the completion and settlement of transactions using cards issued from the Vault Platform.

Merchants will not have access to your prepaid card details during a transaction. When your Personal Information is shared with service providers, financial institutions, or contractors, it will only be to the extent reasonably necessary for the purpose of the services they are contracted to provide to Vault.

We may disclose personal information outside of Australia to Issuers. When you provide your personal information to Us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with Australian Privacy Law. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the APPs.

7. Accessing and correcting your information

You can access or correct the personal information that We hold about you by calling or writing to Us by using the contact details set out below in clause 9. We will do Our best to respond to you within a reasonable time. In order to access or correct your information We will need to identify you.

There are some situations where We might refuse or limit, or be unable, to correct or provide you with access to information, such as when the information is commercially sensitive. If that happens, We will write to you and let you know why.

We will do Our best to keep your personal information accurate and up-to-date. If any of your details change, such as your name, address or phone number – please let Us know by using the contact details at clause 9.

8. Privacy issues and complaint resolution

If you have a complaint regarding Our use of your personal information, please contact Us by using the contact details set out in clause 9. We may ask you to address your complaint in writing to assist Our investigation.

We will do Our best to resolve the complaint as quickly as We can and We will provide you with an estimated response timeframe in relation to your complaint. We will endeavour to respond to your complaint within 7 days.

If a complaint remains unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) at

9. How to contact us

If you have any questions about Our use and management of your personal information or this Privacy Policy please contact Us on:

Tel: (03) 9000 0012


Mail: Level 3, 367 Collins street Melbourne 3004

10. Changes to Privacy Policy

We may review and change this Privacy Policy at any time, so we encourage you to review this Privacy Policy from time to time. If We change this Privacy Policy, We will post an updated version on Our website to notify you of this change. By continuing to utilise Our services after any changes to the Privacy Policy, you will be deemed to have accepted those changes to the Privacy Policy.