Skip to content

Privacy Policy of Oxamii Pty Ltd


This privacy policy is the official Privacy Policy of Oxamii Pty Ltd (“Oxamii”, “we”, “us” or “our”) and sets out:

  1. our practices regarding the collection, use, processing, storage and disclosure of certain information, including your personal information, by Oxamii; and
  2. our commitment to protecting the privacy of your personal information that we collect through our website (the Site) or directly from you, being the person, organisation or entity that uses our Site (referred to as you or your).

Your privacy is important to us and we are committed to responsibly handling your personal data taking all reasonable steps to protect your information from misuse and to keep it secure in compliance with the Privacy Act 1988 (“Privacy Act”) and the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”).

About Oxamii

We provide a means for our customers to purchase their electricity directly from local electricity generators of their choosing. Our customers are able to purchase their electricity from local electricity generators whose values align with theirs through a transparent marketplace. We believe in a sustainable energy future so all of the electricity generators on our platform generate electricity via renewable sources.


Your consent to this Privacy Policy is the legal basis upon which we can collect, use, store, process and disclose your personal information.

You acknowledge and agree that:

  • by clicking on the “I Agree” field (or any similar field or link designated to indicate your acceptance of this Privacy Policy) and using our Services, you are consenting to providing us with your personal information and agree to your personal information being collected, stored, used, processed and disclosed in accordance with this Privacy Policy;
  • you have had a sufficient opportunity to access and review this Privacy Policy and you have read this Privacy Policy (in its entirety) and agreed to its terms; and
  • you are 18 years of age or older.

If you do not wish to provide personal information to us, then you are not obliged to do so. However, please be aware that this will affect your use of any and all websites, platforms, applications, products or services (“Services”) offered by us.

We reserve the right to review, amend, update or change this Privacy Policy from time to time to reflect our practices and obligations under the law (including in respect of the General Data Projection Regulations). Any changes will take effect when they are made or posted on our website, platform or application and you are electronically notified of the same.


This Privacy Policy applies to:

  • all personal information that is collected, stored, used, processed and disclosed by us when you use our Services;
  • the use of personal information that is collected, stored, used, processed and disclosed when you participate in our events, promotions or contests or otherwise interact with us (e.g. through social media); and
  • how we process your personal information, who we might share it with and what controls and rights you have in respect of it.

If you do not agree to any of the provisions of this Privacy Policy, you must not use our Services or provide us with any personal information.

Personal Information we collect

Personal information has the meaning given to it under your local data protection laws and generally means information which relates to an individual who can be identified from that information.

Where practicable, we will give you the option of interacting with us anonymously or using a pseudonym. Generally, though, to provide you with the Services you have requested, it is necessary for us to collect personal information from you.

Information Types

The personal information that we collect from you may include:

  • full name (including any previous name(s));
  • business names and Australian Business Numbers(ABN))
  • address(es) (including any previous address(es));
  • date of birth;
  • email address;
  • telephone number(s);
  • national metering identifier (NMI) and energy retailer account numbers and bank account details (including your account name, account number and BSB);
  • electricity usage/consumption; and
  • other personal information that you agree to provide to us.

Other Information we collect

From time to time you may have the option to participate in surveys or other activities intended to improve the Services offered by us which may involve providing additional personal information. Your participation in such activities is subject to your consent.

In some cases, the personal information that we collect from you may include personal information that is considered to be sensitive information under your local data protection laws. We will only collect sensitive information in compliance with the local data protection laws and/or with your consent and/or where it is reasonably necessary for or directly related to the Services that you have requested from us. To the extent permitted by the local data protection laws you consent to us collecting that sensitive information for the purpose for which it was collected and being stored, used, processed and disclosed as set out in this Privacy Policy.

How we collect your Personal Information

We will only collect personal information through lawful and fair means and not in any unreasonably intrusive way. The ways we collect personal information include:

  • where you expressly provide this information to us;
  • from your interactions with us and/or our personnel (including feedback), including by telephone, text message, e-mail, social media, and in person;
  • from your use of our Services;
  • from the electronic devices you may use to access our Services (including information collected from your browser’s cookies); and
  • from your participation in surveys, reviews, contests or marketing promotions.

Whenever possible, we will collect your personal information directly from you. However, in some situations, we may also collect your personal information from a third party (eg a family member or other agent or representative).

By providing your personal information to a third party, you will be deemed to have authorised that third party to provide your personal information to us. We will rely on the authority of that third party and you will be deemed to have consented to your personal information being collected by us and being stored, used, processed and disclosed as set out in this Privacy Policy.

If you use our Services on behalf of another person, you agree that you have obtained that person’s authority to provide the personal information and their consent for us to collect, store, use, process and disclose their personal information in accordance with this Privacy Policy. You should let us know immediately if you become aware that your personal information has been provided to us by a third party without your consent or if you did not obtain consent before providing another person’s personal information to us.

Where we receive unsolicited personal information, we will determine, within a reasonable period of time, whether or not we would be permitted to collect that personal information. Where we are not permitted to do so, we will destroy that personal information or ensure it is de-identified as soon as practicable. Otherwise, we may collect, store, use, process and disclose that personal information in accordance with the terms of this Privacy Policy.

How we use your Personal Information

We use your personal information for the purpose for which it was provided to us, related purposes, purposes for which you consent, and as otherwise required or permitted by the local data protection laws. Such purposes include but are not limited to:

  • facilitating the Services that you have requested;
  • provision of information about any Services provided by us that may be relevant to you;
  • responding to your enquiries;
  • to identify you when you contact us;
  • processing payments you have authorized; and
  • any other purposes identified at the time of collecting your personal information.

In addition, you permit us to use your personal information:

  • where you have consented to the use or disclosure;
  • where we reasonably believe that use or disclosure is necessary to lessen or prevent a serious, immediate threat to someone's health or safety or the public's health or safety;
  • where we reasonably suspect that unlawful activity has been, is being or may be engaged in and the use or disclosure is a necessary part of our investigation or in reporting the matter to the relevant authorities;
  • where such use or disclosure is required under or authorised by law (for example, to comply with a subpoena, a warrant or other order of a court or legal process);
  • where we reasonably believe that use or disclosure is necessary for the prevention, investigation, prosecution and punishment of crimes or wrongdoings or the preparation for, or conduct of, proceedings before any court or tribunal (or the implementation of orders of a court or tribunal or on behalf of an enforcement body);
  • to develop and improve our (and our related entities’) business, products and services;
  • in servicing our relationship with you by creating and maintaining a customer profile or presenting options that we think may interest you based on your browsing and preferences and on your past use of the Services;
  • to involve you in market research, gauging customer satisfaction and seeking feedback;
  • to facilitate your participation in loyalty programs;
  • for research and analysis in relation to our (and our related entities’) business, products and services; and
  • for our internal accounting and administration.

Where permitted by local data protection laws, we may use your personal information to send you targeted electronic marketing and promotional communications related to our Services (and those of third parties) that we think may interest you, unless you have requested not to receive such information. We will only use your personal information for targeted electronic marketing and promotional communications if you have consented to it (which consent may be express or, where permitted by local data laws, inferred). You can opt out of receiving any targeted electronic marketing or promotional communications by following the unsubscribe prompt provided in the communication.

Only personnel who require access to your personal information will have access to it. This may include third parties.

Third party disclosure

By using our Services and/or by providing us with your personal information (or allowing another person to do so), you acknowledge and consent to us disclosing some or all of your personal information to third parties in accordance with this Privacy Policy and in accordance with local data protection laws. This includes disclosure of your personal information and details:

  • to payment service providers for any payments you make via the Services (we use a third party payment service provider that is required to take reasonable steps to protect your information);
  • to our contractors, suppliers and service providers including without limitation:
    • suppliers of IT based solutions that assist us in providing products and services to you;
    • distributors of electronic marketing and promotional communications;
    • marketing, market research, research and analysis and communications agencies;
    • energy generators, energy retailers and energy meter data providers; and
    • external business advisers;
  • to a person that uses the Services on your behalf and/or a person you have authorised;
  • in accordance with requirements or authorisations under applicable laws or to comply with our legal obligations; and
  • to any other persons contemplated by this Privacy Policy.

From time to time, we may also provide summarised or aggregate, non-identifiable data to third parties for the purposes of:

  • enhancing the services that we provide;
  • creating summaries and insights with respect to usage and interactions with energy projects; and
  • analysing and reporting on trends (including comparisons as against historical activities).

Without your consent, we will not disclose your personal information to any third party (except for those described above), unless such disclosure is required by local data protection laws or the GDPR and/or where we reasonably believe that it is necessary to lessen or prevent a threat to life, health or safety or for action to be undertaken by an enforcement body, or where allowed to do so in accordance with the local data protection laws.

At all times, the third parties that we disclose your personal information to:

  • are required to provide GDPR compliant services;
  • must take reasonable steps, to our satisfaction, to ensure that personal information disclosed by us is protected against misuse, interference, loss and unauthorized access, modification and disclosure;
  • must ensure that each of its employees who access, use or disclose personal information are aware of and comply with the obligations under this Privacy Policy when they are accessing, using or disclosing the personal information; and
  • must, if they become aware of any misuse, interference, loss, or unauthorized access, modification or disclosure of personal information disclosed by us, immediately notify us.

To the maximum extent provided by the relevant laws, we are not responsible or liable for the protection and privacy of any personal information which is provided to third parties. This means that, where your personal information has been disclosed, you accept and agree that the disclosed personal information will be held by third parties and may be used by them in accordance with the Privacy Act and any privacy policy they may have and in such circumstances, the third party recipient will be solely responsible for their use of this personal information.

Overseas disclosure

We may disclose your personal information to external service providers located overseas for some of the purposes listed in this Privacy Policy, including by disclosing information to our data hosting and Cloud-based IT service providers and other external service providers.

Where we do so, we take the steps referred to under clause 8 to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

Information Processing

Processing your personal information is lawfully undertaken by us:

  • in accordance with your consent;
  • by necessity for the performance of a contract to which you are a party or in taking steps for your entry into that contract;
  • to comply with our legal obligations;
  • for our legitimate interests and the legitimate interests of third parties, except where such interests are overridden by your interests or your fundamental rights and freedoms requiring the protection of your personal information subject to this Privacy Policy.

Storage and Security

We take all reasonable and lawful steps to keep personal information secure, accurate and up to date and only retain your personal information for as long as reasonably required to satisfy the purpose for which they were collected and used (unless a longer period is necessary for our legal obligations or to defend a legal claim). This means that:

  • personal information is stored on secure servers if in digital format, or in locked areas if in hardcopy format and these repositories are protected in controlled facilities (in some cases, these facilities may be located offshore and/or in cloud-based servers that have represented to us that they are GDPR compliant);
  • our employees and data processors are obliged to respect the confidentiality of any personal and/or sensitive information or data and receive training in personal information handling;
  • we only permit authorised personnel to access your information;
  • We encrypt, pseudonymise” personal information wherever possible; and
  • we ensure all personal details are de-identified and transferred anonymously before any information, which is stored securely, is provided to external organisations for data analysis or disclosed to any third parties (except where that disclosure is directly contemplated by this Privacy Policy.

We will take reasonable steps to protect your personal information as you transmit your information from your electronic device to us and to protect such information from loss, misuse, and unauthorised access, use, modification, disclosure, alteration, or destruction. However, electronic transmission of information is never completely secure or error-free. As a result, while we strive to protect users' personal information, we cannot ensure or warrant the security of any information electronically transmitted by a user, and users provide their personal information at their own risk. To the maximum extent provided by the relevant laws, we are not responsible or liable for the electronic transmission of personal information to us or to third parties.

Cookies and Geolocation Statement

A cookie is a small data file that is placed on your computer or mobile device when you visit a website. Website owners widely use cookies in order to make their websites work, or to work more efficiently, as well as to provide reporting information. We use cookies to:

  • personalise your visit to any websites operated by us (as a cookie allows a web server to ‘remember’ visitors on subsequent visits without having to prompt them for information previously supplied. A cookie can also remember courses previously viewed by a site visitor);
  • provide information about us to you while you browse; and
  • obtain non-identifying information about your demographic group and general interests.

Additionally, when you use our Services, we may collect information about the location from which that use occurred (this will be in accordance with the settings of your particular device). This location data may be used by us for the purposes of personalising messaging and or offers.

You may elect to disable cookies and/or geolocation sharing at any time. In such circumstances, you may still be able to utilise some of our Services (however, some functionality may be limited).

Subject Access Request

You may submit a user access request (Subject Access Request) at any time to request details of personal information that we hold about you. If we receive a Subject Access Request from you we will, within 30 days of your request, free of charge to you, provide you with disclosure of your personal data (as described in item 5.1 above) that we hold.

Your Data Protection Rights

  • Access: You have the right to request we provide you with a copy of personal information that we have collected from you. We may charge you a small fee for this service.
  • Rectification: You have the right to request we correct, amend or update any personal information you believe is inaccurate or incomplete.
  • Account Closure: If you have created an account with us, we will delete that account upon your request or within a reasonable time thereafter.
  • Erasure: You have the right to request that we erase or destroy your personal information in certain circumstances, including where you withdraw your consent, where your data is no longer required for collection purposes or where your personal information has been unlawfully processed;
  • Restrict Processing: You have the right to request that we restrict the processing of your personal information under certain conditions, including where processing is inconsistent with the reason for which the personal information was collected.
  • Object to Processing: You have the right to object to us processing your personal information under certain circumstances, including the right to object to profiling, automation and direct marketing.
  • Data Portability: You have the right to request we transfer your personal data (as described in item 5.1 above) that we have collected to another organization or directly to you, under certain circumstances.
  • Legitimate Interests: To the extent that we are relying on our legitimate interests to use your personal data, you also have the right to object to such use (unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms, or where we need to process the data for the establishment, exercise or defence of legal claims).
  • Responses: Without undue delay and not later than within a month, we will respond to your request to invoke your rights consistent with applicable law.
  • Revocation: You may revoke your consent for receiving marketing communications at any time, free of charge by following the instructions in any marketing communication. You can also control these preferences in your profile settings. Where you indicate that you do not wish to receive marketing communications, we will stop sending you marketing communications.
  • Unsubscribe: You may unsubscribe from our database, or opt out of communications at any time. To do so, please contact us using the details below.
  • Questions: In case you may have a question or complaint about how we process your personal information, you can contact us by email. Alternatively, you may consider lodging a complaint with a supervisory data protection authority.


Our Privacy Policy will be reviewed from time to time to take into account the law (including in respect of the General Data Projection Regulations) and technologies, and changes to our operations and/or practices. Accordingly, we reserve the right to change, modify, add or remove portions of this Privacy Policy and will publish the revised version here on our Site. If we have collected your email information, we will notify you of such changes by way of email. By continuing to use, access or browse our Site following any changes to this Privacy Policy, you accept this Privacy Policy as it applies from time to time.


Formal complaints about a breach of this Privacy Policy must be made in writing. We reserve the right to request any supporting evidence and/or information to substantiate the complaint/breach.

If you are not satisfied with our determination, you can contact us to discuss your concerns or make a formal complaint.

Other Websites

The Services we operate may contain links to other websites (&quo;Third Party Links&quo;). We do not endorse such Third Party Links and are not responsible for any content contained therein. If you decide to access any Third Party Links, you do so entirely at your own risk.

Social Media

From time to time, our Services may utilise social media integrations and functionality. Where, these social media functions are incorporated into our Services, the features may be hosted and/or operated by a third party social media operator. By using this functionality, you agree and accept that we (and if applicable, the third party operator) may collect information with regard to your use of that functionality.

Additionally, where you have an account with a third party social media operator, you acknowledge that the third party operators may combine or integrate your use of our Services with your account.

In some circumstances:

  • the third party social media operators may share information with us in accordance with their own privacy policies; and
  • we may share your information with third party social media operators for the purposes of facilitating the service of targeted advertisements and marketing.

How to contact us

If you have any questions or concerns about this Privacy Policy or its implementation, or wish to contact us in relation to your data protection rights, you may contact our Data Protection Officer who is responsible for ensuring our compliance with this Privacy Policy:

Oxamii’s Data Protection Officer:
Name: Aaron Yew
Mailing address: Innovation & Collaboration Centre, University of South Australia,
Level 2, Cnr North Tce and Morphett St Bridge, Adelaide, SA, 5000
Email: [email protected]

Should you wish to read more information on privacy legislation or the Australian Privacy Principles we recommend that you visit the web-site of the office of the Australian Information Commissioner at

Privacy Policy of Circular Energy

About us

Circular Energy is a trading name of Maximum Energy Retail Pty Ltd (MER) which provides a wide range of energy and other products and services. This policy describes how we handle your personal information and credit related information.

You can find out more about Circular Energy on our website.

Your privacy

We keep your information safe. We aim to be clear and open about what we do with it.

We understand that your privacy is important to you, and we value your trust. That's why we protect your information and aim to be clear and open about what we do with it.

This policy describes how we handle your personal information and credit-related information.

Personal Information is information that identifies you or can be reasonably linked to your identity.

Credit-related information is information about how you manage your credit, the credit that you have applied for or obtained, your payment history and creditworthiness and the information contained in your credit file.

When we collect this information, we follow the obligations set out in the Privacy Act 1988 (Cth).

We update our privacy policy when our practices change. You can always find the most up-to-date version on our website.

What information do we collect?

We collect information about you when you interact with us. We may also collect information about you from other people and organisations.

We only collect your personal information when we need it to provide our products and services or to comply with the law. The kinds of information that we collect depends on how you interact with us. Here are some examples.

Information we collect from you

We collect the name and contact details (landline, mobile, email) of our customers and their authorised representatives as well as shareholders, business contacts, job applicants and contractors and others. We may also collect:

  • If you are a customer: Your date of birth, address (supply and mailing if different), address history (where relevant), concession details (where applicable), other forms of identification (such as driver's licence or passport), payment details, ABN (if applicable) and information about your property that you tell us and your use of our products and services including energy usage and consumption information. For example, how much energy you use and when you use it. We may also collect information about appliances used and the timing and efficiency of use where you have sensors or other technology installed.
  • If you are an authorised representative on another person's account: first name, last name, date of birth, telephone number, address and the relationship with our customer.
  • If you are a shareholder: Your tax file number, if you provide it.
  • If you apply for a job with us: Information that you provide about your right to work, employment history, qualifications and ability.
  • We collect information when you interact with us using the channels we make available to you - online, through our app, direct contact with our contact centre, social media, and using voice tools (including Amazon Alexa and Google Home).
  • If you give us personal information about other people, we will assume that they have agreed that you can do this.

Information we collect from others

When you get a quote to apply to open an account with us: Your credit history information.

We collect credit-related information from credit reporting bodies about you when you set up an account with us or when your account is in default. This information can be found on your credit file, including the fact that you have applied for credit, the amount and type of credit, details of your current and previous credit providers, start and end dates of credit arrangements, and information about listings on your credit file including defaults and court judgments.

We collect credit-related information from other Maximum Energy Group companies, from public sources, and from other third parties including government agencies such as the Australian Financial Security Authority which manages the National Personal Insolvency Index.

When you use our websites, mobile apps and platforms: Your IP address, device identifiers and information about how you use our websites such as session information and login attempts. We use web analytics services to do this. These services include: Google Analytics, Google AdSense, DoubleClick, Adobe or Microsoft.

When you participate in market research: Information about you and your responses from the service provider that conducted the research.

When you engage with our sales partners: Your name, address and contact details, so we can contact you about products you may be interested in.

If you are a business contact for our customers or service providers: Your name, job title and contact details.

If you are a shareholder: To comply with the law and manage your shares in MER, we may collect details about your investment from our shareholder register service provider. You can find more information on our Shareholder Services page on our website.

If you apply for a job with us: Professional background, qualifications and memberships, and references from your former employers. Where it is relevant to the role, we may also collect screening check information (such as background, medical, drugs and alcohol, criminal records, bankruptcy, directorship and company checks), and abilities testing, including psychometric testing.

Sensitive information

The Privacy Act protects your sensitive information, such as information about your health or ethnicity. Where we need this information for your account (for example, to ensure continuous service to your property or to assist with translation services), we'll ask for your permission - except where otherwise allowed by law.

How do we use your information?

We use your information to deliver our products and services, manage our business and comply with the law. We also use your information for other reasons, such as to better understand you and your needs.

We collect and use your information, so we can:

  • confirm your identity
  • provide you with the products and services that you have asked for
  • handle payments and refunds
  • communicate with you about your account
  • manage your credit arrangements with us
  • manage accounts that are overdue, including where we sell debt
  • respond to applications, questions, requests or complaints that you have made to us
  • maintain and update our records and carry out other administrative tasks
  • improve customer experience and do market research
  • if you are a shareholder, manage your shareholding
  • if you have applied to work with us, assess your application
  • investigate possible fraud and illegal activity
  • comply with laws, including assisting government agencies and law enforcement investigations, and
  • manage our business.

If we don't have your personal information, we may not be able to do these things. For example, we may not be able to deliver the products or services you have asked for or respond to your questions.

Direct marketing

We may also use your personal information to tell you about products or services that we think you might be interested in. We may send you marketing messages in various ways, including by mail, email, telephone, SMS, and digital marketing including advertising through our apps, websites, social media or third-party websites.

If you tell us how you would prefer to be contacted, we will contact you in that way where we can.

If you don't want to receive direct marketing messages, you can opt out by:

  • filling out a Do Not Contact form on our website
  • contacting our Customer Solutions Team (call 131 245, or see section 9 below), or
  • following the instructions in any marketing communication you receive from us (for example, using the 'unsubscribe' link in an email or responding to an SMS as instructed)

Please note that we may still send you important administrative and safety messages even if you opt out of receiving marketing communications.

The way we use data

We're always working to develop and improve our products and services, and improve our processes to ensure that they and we better meet your needs.

New technologies let us combine information we have about our customers and users with data from other sources, such as third-party websites or the Australian Bureau of Statistics.

We also collect information about people that does not identify them such as website and advertising analytics, and data from service providers.

We analyse this data to help us learn more about our customers and improve our products and services. Where we work with partners or service providers to do this, we do not pass on personal information about you.

Who do we share your information with?

We share your information for the purposes set out in section 4, with our service providers, and to comply with the law. When we do this, we take steps to keep your information safe.

We share your personal information with other people and companies where we need to for the purposes set out in section 4. This includes sharing:

  • with our installation, maintenance and fulfilment partners, so they can make installations and maintain products and services that we offer
  • with other energy companies and other companies (like those that own or operate poles and wires) that help us deliver our products and services, or to migrate your service if you change energy providers
  • with credit reporting agencies to process new applications, assess and manage applications for credit, manage overdue accounts, and review your creditworthiness
  • with insurance investigators
  • with people that you have asked us to give your information to, such as your authorised representatives or legal advisors
  • if you have applied to work with us, with your previous employers to confirm your work history
  • to comply with laws and assist government agencies and law enforcement.

We also share personal information with people and organisations that help us with our business, such as professional advisors, IT support, and corporate and administrative services including mercantile agents (including debt collectors) and debt buyers. We only do this where it's needed for those services to be provided to us. When we do this, we take steps that require our service providers to protect your information.

The credit reporting bodies we use include:

Equifax Australia (formerly Veda)
GPO Box 964
North Sydney NSW 2059
Phone: 13 83 32
Illion (credit reporting & default listing)(formerly Dun & Bradstreet)
PO Box 7405, St Kilda Rd
Melbourne VIC 3004
Online contact form
Phone: 13 23 33
Email: [email protected]
Experian Australia
GPO Box 1969
North Sydney NSW 2060
Phone: 1300 783 684
Email: [email protected]
GPO Box 276
Sydney NSW 2001
Phone: 1300 501 312

You can contact those credit reporting bodies or visit their websites to see their policies on the management of credit-related information, including details of how to access your credit-related information they hold. You have the right to request credit reporting bodies not to:

  • use your credit-related information to determine your eligibility to receive direct marketing from credit providers; and
  • use or disclose your credit-related information, if you have been or are likely to be a victim of fraud.

Circular Energy's website links to a number of third-party websites. We are not responsible for the privacy practices of these other sites. We recommend that individual's review the Privacy Policy and Credit Reporting Policy on these websites.

Sending personal information overseas

Some of our service providers are located or operate outside of Australia. Where we need to, we send them information so that they can provide us services. The countries where our service providers may be located are India, Indonesia, Fiji, New Zealand, the Philippines, South Africa, the USA, the UK and some member states within the European Union.

Keeping your information safe

We train our staff in how to keep your information safe and secure. We use secure systems and environments to hold your information. We only keep your information for as long as we need it.

We take steps in accordance with the Guide to Securing Personal Information published by the Office of the Information Commissioner, to secure our systems and the personal information we collect.

Here are some examples of the things we do to protect your information:

  • Staff obligations and training
  • We train our staff in how to keep your information safe and secure.
  • Our staff are required to keep your information secure at all times, and are bound by internal processes and policies that confirm this.
  • Access to personal information is controlled through access and identity management systems.
  • We have security professionals who monitor and respond to (potential) security events across our network.

System security

We store your information in secured systems which are in protected and resilient data centres.

We have technology that prevents malicious software or viruses and unauthorised persons from accessing our systems.

We also share non-personal information about how people use our websites with security service providers to ensure that our websites are protected.

Services providers and overseas transfers

When we send information overseas or use service providers that handle or store data, we require them to take steps to keep your information safe and use it appropriately.

We control where information is stored and who has access to it.

Building security

We use a mix of ID cards, alarms, cameras, guards and other controls to protect our offices and buildings.

Our websites and apps

When you log into our websites or app, we encrypt data sent from your computer or device to our system so no-one else can access it.

We partner with some well-known third parties as alternative ways to access your online account.

Destroying or de-identifying data when no longer required We aim to keep personal information only for as long as we need for our business or to comply with the law.

When we no longer need personal information, we take reasonable steps to destroy or de-identify it.

Accessing, updating and correcting your information

You can ask to see a copy of the personal information or credit-related information that we hold about you or ask us to update or correct it.

You can ask us for a copy of the personal information or credit-related information that we hold about you by contacting us. Before we give you your information, we will need to confirm your identity.

If you use “My Account” Online, you can also log in to access your billing information and update your contact and payment details. To access other information, you may need to contact us.

How can you contact us?

See below for contact details

How long will it take?

We try to make your information available within 30 days after you ask us for it. If it will take longer, we'll let you know.

Can we refuse to give you access?

In some cases, we can refuse access or only give you access to certain information. For example, we're not able to let you see information that is commercially sensitive. If we do this, we'll write to you explaining our decision.

Can you correct or update your information?

You can ask us to correct or update any of your personal information or credit-related information that we have. If we've given the information to another party, you can ask us to let them know it's incorrect.

If we don't think the information needs to be corrected, we'll let you know why. You can ask us to include a statement that says you believe our record about you is inaccurate, incomplete, misleading or out of date.

Making a privacy complaint

If you're concerned about how we've handled your information, let us know and we'll try to fix it. If you're not satisfied with how we handled your complaint, you can contact the Australian Privacy Commissioner.

How can you make a privacy complaint?

If you are concerned about your privacy or how we've handled your personal information, you can make a complaint and we'll try to fix it.

You can read more about how we handle complaints on our website. You can also read our Complaints and Dispute Resolution Policy.

How do we manage privacy complaints?

We will:

  • keep a record of your complaint
  • respond to you about your complaint and let you know how we will try to resolve it and how long that may take.

What else can you do?

If you're not satisfied with how we have managed your privacy complaint, you can contact your local Ombudsman at any time for advice or to make a complaint. The Ombudsman is independent, and their services are free.

Energy and Water Ombudsman NSW
Reply Paid 86550
Sydney South NSW 1234
Phone: 1800 246 545
Email: [email protected]
Energy and Water Ombudsman Victoria
Reply Paid 469
Melbourne VIC 8060
Phone: 1800 500 509
Email: [email protected]
Energy and Water Ombudsman Queensland
PO Box 3640
South Brisbane BC Qld 4101
Phone: 1800 662 837
Email: [email protected] or [email protected]
Energy and Water Ombudsman South Australia
GPO Box 2947
Adelaide SA 5001
Phone: 1800 665 565
Energy and Water Ombudsman Western Australia
PO Box Z5386
St Georges Terrace
Perth WA 6831
Phone: 1800 754 004
Email: [email protected]

You can also complain to the Australian Privacy Commissioner who can be found at the Office of the Australian Information Commissioner (OAIC).

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email: [email protected]

Contact us

To ask us a question, access your personal information, request a correction to your personal information, make a complaint, or get a printed copy of this policy, you can use our online enquiry form. Or you can contact our Customer Solutions team.

Circular Energy Customer Service
32 Unley Road Unley SA 5061
Phone: 1300 20 44 62
Email: [email protected]

If you need to contact us about something else, you can find out how on the Contact us page on our website.