Arrow ECS ANZ Website Privacy Policy

Arrow ECS Australia Pty Limited (ABN 70 006 687 056) and Arrow ECS New Zealand Limited its related bodies corporate (‘Arrow ECS ANZ’, ‘we’, ‘us’, ‘our’) understand the importance of protecting the privacy and the rights of individuals (‘you’, ‘your’) in relation to personal information. We respect your rights to privacy under the Privacy Act 1988 (Cth) (‘Act’) of Australia. It is our policy to comply with the requirements of the Act and the Australian Privacy Principles (‘APPs’) contained in the Act, in all activities of Arrow ECS ANZ involving the collection, management, use, storage, disclosure and handling of personal information.

This privacy policy (‘Privacy Policy’ or ‘Policy;) sets out how we and our related group of companies collect, use, disclose and manage your personal information as it relates to our operations in Australia.
When you engage us to provide you with any goods or services, apply or complete an application for commercial credit, communicate with us through email, by telephone, in writing, participate in any of our promotional activities, or use any of our other services, including our websites, you agree to the use and disclosure of your personal information in the manner described in this Policy.

This Policy is also relevant and applies to other individuals we deal with in connection with commercial credit we provide, such as guarantors and directors. We may from time to time review this Policy so please check our website periodically to stay informed of any updates. All personal information collected and held by us will be governed by the most recently updated Privacy Policy.

Collection of personal information

Personal information means information from which your identity is reasonably identifiable. This may include information or an opinion about you, whether true or not.

The kinds of personal information we may collect and hold will depend on what type of interaction you have with us. Personal information we may collect from you includes, among other things:

Sensitive information includes health information, criminal history and trade or professional association membership. We generally do not collect sensitive information, unless it is specifically relevant and necessary for the purpose of our business activities and functions. For example, if you are a contractor we are looking to engage to perform professional services, we may require criminal background checks of you or your staff. If we do collect and/or hold sensitive information, we will only do so with your express consent.

How do we collect personal information?

Your personal information is only collected by lawful and fair means and where practicable, only from you or from a person acting or authorised to act on your behalf, unless it is unreasonable or impracticable to do so.

When collecting personal information from you, we may collect in ways including:

We may also collect personal information about you from third parties including:

Some of the personal information we hold or deal with is not collected by us, but by customers and partners. For example, some of our vendors require that each purchase order have end user details (i.e. a contact name and number).

In respect of personal information which is provided to us by our customers and partners, we do seek assurances that all such personal information has been collected lawfully and in compliance with the Act.

Purposes for which we collect, hold and disclose your personal information

We may collect, hold, use or disclose your personal information for the following primary purposes:

We only collect commercial credit information, and do not generally collect consumer credit information. If we do collect an individual’s credit information, such as a sole trader applying for an account with us, it will always be in the context of commercial credit. Where you have applied for commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent.

This could include persons nominated by you as trade references, credit reporting bodies (‘CRBs’) and your bankers.
We may also use your personal information for the other purposes related to those described above which would be reasonably expected by you.

We may combine or share any information that we collect from you with information collected by any of our related bodies corporate.

What happens if we can’t collect your personal information?

If you do not provide us with the personal information for the purposes described above, some or all of the following may happen:

Using our website

Our websites may use cookies in order to provide you with more customised service when browsing our website. ‘Cookies’ are small text files placed on computers to enable web systems to recognise users and collect information such as IP addresses. You can remove or disable cookies by adjusting your browser settings. However, if you do choose to do this you may not be able to access parts of our websites effectively.

We may use cookies for different purposes such as:

Our web server may collect the IP address of your computer when you visit our websites.
We provide links to third party websites. These websites are not under our control, and our Privacy Policy does not cover them. We advise you to examine the privacy policy of those linked websites before disclosing your personal information on them.

Security and storage of personal information

We take all reasonable steps to ensure your personal information is protected from misuse, loss and unauthorised access. Some of the measures we take include installing security and access requirements for all our IT systems, encrypting data and having physical and procedural safeguards. We may hold your information in either electronic or hardcopy form, and will take all reasonable steps to ensure personal information is destroyed or de-identified when no longer needed.

If a substantial data breach has or may have occurred (for example, your personal information was shared with unauthorised persons) we will notify you as soon as is practicable.
We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. We will take appropriate measures to destroy or permanently de-identify your personal information if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.

Disclosure of personal information outside Australia

Your personal information may also be processed by, or disclosed to our employees, representatives, or other third parties operating outside of Australia who work for, or are engaged by us in other countries.
For example, we may disclose your personal information overseas to entities such as:

We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

Direct marketing and opt-in

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. You may opt-out of receiving marketing communications by contacting us or by using opt-out facilities if sent by email, and we will then ensure that your name is removed from our mailing list.

We will only offer you products or services where we reasonably believe that they could be of interest or benefit to you.
We do not provide your personal information to other organisations for the purposes of direct marketing.

Accurate and up-to-date information

We take reasonable steps to ensure your personal information is accurate, up-to-date and not misleading by updating our records whenever true and correct changes to the data come to our attention.

If you believe your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer (details below).

We will correct information we hold about you if we discover, or you are able to show to a reasonable standard that the information is incorrect. If you seek correction and we disagree that the information is incorrect, we will provide you with our reasons for taking that view.

We disregard information that seems likely to be inaccurate or out-of-date by reason of the time that has elapsed since it was collected or by reason of any other information in our possession.

Accessing and correcting personal information

We acknowledge that you have a general right of access to information concerning you, and to have inaccurate information corrected. You are able to access the personal information we hold about you by contacting our Privacy Officer. If access is refused to your personal information for reasons permitted by the Privacy Act (e.g. access would interfere with the privacy of others, or if it would result in a breach of confidentiality), we will give you a notice explaining our decision and your options.

If you make an access request, we may ask you to verify your identity and put your request in writing for security reasons. We may charge a reasonable administration fee to cover the costs of meeting your request. We will reply to your request for access within 30 days of notification by you.

Government identifiers

We do not use or adopt government identifiers (e.g. tax file numbers or Medicare numbers) to identify individuals.


We take our compliance with the General Data Protection Regulation (GDPR) of the European Union seriously. If you have any questions as to how your personal data is being handled by us under the GDPR, please contact or contact our Privacy Officer using the details below.

Complaints and disputes

If you have reason to believe that we have not complied with our obligations relating to your personal information under this Privacy Policy or under the Act, please refer any complaint or queries to our Privacy Officer.
We will ensure your complaint is handled by our Privacy Officer in an appropriate and reasonable manner. Where necessary we may consult with our related entities and partners in order to deal with your complaint. A written notice of our decision regarding your complaint will be provided to you. If you are not satisfied with the outcome, then you may contact the Office of the Australian Privacy Commissioner:

Phone: 1300 363 992

Contact Us

If you have any questions about this Privacy Policy, concerns, or a complaint regarding the treatment of your personal information or a possible breach of privacy, please contact us here or send mail to:

The Privacy Officer
Arrow ECS Australia
Unit 6, 39 Herbert St
St Leonards, NSW 2065, Australia

We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint, to discuss your concerns and outline options regarding how they may be resolved.

Changes to our Privacy Policy

We are constantly reviewing our Privacy Policy to reflect the way we operate as a business. As a result, this Privacy Policy may change from time to time.

Last updated: 22 May 2018


Arrow ECS ANZ Blog - Industry Insights

Read Now