Privacy Policy

Australian Food & Fibre (“AFF”) takes the privacy of our staff, customers, suppliers, and those who visit our website or engage with us seriously.

We have established this Privacy Policy  to communicate what information we collect and how that information is used and safeguarded.

1. Our obligations

AFF is bound by privacy laws in Australia, including:

  • the Australian Privacy Principles set out in the Australian Privacy Act 1988 (“Privacy Act”); and
  • the credit reporting provisions of the Privacy Act and the Credit Reporting Privacy Code 2014

(collectively the “Privacy Laws”).

Terms not defined in this policy have the same meaning given to them under the applicable Privacy Laws.

2. What information is collected?

 AFF may collect and hold the following personal information:

  • name, postal and email address;
  • date of birth;
  • gender;
  • occupation details, work history and referees;
    • employee records relating to the employment of the employee, including in relation to:
      • engagement, training, and discipline;
      • resignation and termination of employment;
      • terms and conditions of employment;
      • performance or conduct;
      • hours of employment;
      • remuneration package, including salary or wages and any other monetary or non‐monetary benefits;
      • membership of a professional or trade association or trade union;
      • leave and entitlements; and
      • taxation, banking and superannuation affairs;
    • contact details, including telephone numbers (landline and mobile) and emergency contacts;
    • qualifications and licencing, including driving licences and driving licence number;
      • citizenship or immigration status, including type of visa held and right to work in Australia;
    • information from your resume or job application if you apply for a job with us;
    • an Australian Business Number (ABN), Australian Company Number (ACN), registered business name, or other company information that relates to an individual;
      • payment and bank details;
      • credit card information;
    • credit history and other financial

AFF may also collect the following personal information which is classified as sensitive information under the Privacy Act:

  • racial or ethnic origin;
  • religious beliefs or affiliations;
  • political opinions, membership of a political association, and philosophical beliefs;
  • sexual orientation or practices;
  • membership of a professional or trade association;
  • membership of a trade union;
  • criminal record;
  • health information about an individual, including in relation to an illness, injury, health care and treatment, vaccination history and status, and fitness for

3. How is information collected?

The information we collect is information necessary for our business activities and based on our relationship with the individual. We obtain personal information through:

  • enquiries or feedback on our website or via email: this includes information the individual gives us including their name, contact details (such as phone, email or address), enquiry details, opinion of our products and records of their communications with us;
  • our Grower Portal: when an individual registers to access the information offered on the AFF Grower Portal, or when they upload, store, transmit, submit, exchange or make available personal information to or via this portal;
  • supply details: when an individual supplies a product or service to us, or we supply product or services to them;
  • credit related personal information: when AFF processes applications for credit including any personal guarantees, payment information and account login information;
  • social media: this includes any information which the individual shares with us that is part of their public profile on a third party social network, or information they create and share with us by posting it to one of our social networks;
  • recruitment and contractor engagements: this includes information an individual gives us if they apply for a job with us. For recruiting purposes and/or if we engage an individual as a contractor, it may be necessary for us to request sensitive information from the individual;
  • employees: this includes information that AFF receives about an individual that relates to their employment with AFF, which is generally exempt from the requirements of the Privacy Act;
  • third parties: generally speaking, AFF only collects personal information directly from the individual and our interactions with them in our business. However, AFF may obtain information from third parties, for example, businesses we acquire, and businesses we partner with for promotional purposes or third party institutions during consumer credit applications;
  • visitors and contractors: AFF manages visitor logs for all sites where personal information is collected directly from the individual. This includes name and contact details as well as information pertaining to the nature of the

Sometimes we ask an individual to voluntarily provide personally identifiable information. This information generally includes, but is not limited to, their name, e‐mail address, postal address, and telephone number. Wherever possible, AFF collects personal information from the person concerned with their (express or implied) consent, but we may obtain information about a person from others. Collection of information via third persons may take the form of details held by:

  • credit reporting bodies;
  • organisations that AFF has an arrangement with to jointly provide or offer products;
  • related entities to AFF;
  • third party referrals;
  • service providers engaged by AFF, including medical professionals engaged to provide medical assessment, certification, or vaccinations; and
  • government or regulatory bodies or

AFF does not collect any personally identifiable financial information. We do not intentionally collect information from children under the age of 13.

AFF may collect personally identifiable health information from employees, contractors, visitors and persons who enter its locations and any other persons from whom it is reasonably necessary to collect the information, where health information is reasonably necessary for, or directly related to, one of AFF’s functions or activities, including for the purposes of:

  • managing risks to the health and safety of our workforce and stakeholders;
  • determining the fitness for work of our employees and contractors;
  • ensuring the quality and safety of our products for AFF’s business operation, viability, and reputation;
  • meeting our contractual commitments with third parties; and / or
  • ensuring compliance with applicable laws to AFF or individuals with whom AFF has a relationship, including work health and safety laws and public health

4. Collection of unsolicited Personal Information

From time to time, AFF may receive personal information from others which was not solicited. If AFF receives unsolicited personal information, AFF is required to determine whether it could have collected the information in accordance with Australian Privacy Principle 3 dealing with the collection of solicited information. If this requirement cannot be met, AFF must destroy or de‐identify the information, if it is lawful and reasonable to do so. However, if AFF can satisfy Australian Privacy Principle 3, AFF may retain the personal information and handle it in accordance with this Privacy Policy and the Australian Privacy Principles.

5. How do we manage and protect Personal Information?

The personal information and credit related personal information we collect may be stored in:

  • computer systems;
  • electronic databases;
  • digital archives;
  • telephone systems and recordings; and
  • hard copy or paper

Privacy protection is an essential component of the operational requirements and business integrity at AFF. We must take all reasonable steps, and all employees must take all reasonable steps, to ensure that:

  • personal information held in paper or electronic form is safe and secure and that it is protected from misuse, interference, loss, unauthorised access, modification or disclosure; and
  • personal information is only used by employees or disclosed to other organisations to the extent necessary for AFF’s business.

We must take all reasonable steps to protect personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. The ways we do this include:

  • limiting access to our premises and the information we collect;
  • requiring any third party providers to have acceptable security measures to keep personal information secure;
  • putting in place physical, electronic, and procedural safeguards in line with industry standards (ie. passwords, account management, firewalls, virus and intrusions detection etc); and
  • destroying or de‐identifying personal information pursuant to the law and our record retention policies.

6. How is the information used and disclosed?

Non‐personally identifiable information is collected to allow us to analyse how our website is used and to improve the content and service the website provides. Personally identifiable information is collected for analysis to improve the content of the website and the services we provide to our customers and suppliers.

AFF owns the collected information and must not sell, trade or rent the information to others. We may use the information to continue contact with an individual. This may include contact such as follow‐up calls, e‐ mail correspondence, or mail correspondence to follow‐up on the contact.

AFF may use and disclose personal information and credit related personal information for the following purposes:

  • Verification: we may use and disclose personal information to verify an individual’s identity when engaging with us;
  • Offers: we may use personal information to inform an individual about other products and services offered by us which we consider may be of interest;
  • Marketing: we may use and disclose personal information for any marketing, promotional, publicity or direct marketing that we or others may undertake. However, we must not do this by email (except as part of an email which facilitates, completes or confirms a transaction with an individual, or provides updates regarding the products and services we provide) unless we have that person’s consent. These emails must always include an “unsubscribe” facility;
  • Grower Portal: we may use your personal information to process your registration for the Grower Portal and to provide you with access to the information offered on the portal.
  • Legal requirements: we may disclose personal information to legal and accounting firms, auditors, contractors, consultants and other advisors for the purpose of administering, and advising on, our business and for associated actions, including third parties in some circumstances or mergers or acquisitions of our business;
  • Credit reporting: if a customer (whether corporate or an individual) applies for credit we will collect personal information and disclose personal information (and other information provided in connection with the credit application) to other credit providers, trade referees and credit rating service providers;
  • Service providers: at times we may engage third party companies to provide support for our various business functions including website hosting, cloud based providers and promotional agencies. Information may be accessed by those providers if necessary and on the basis that they comply with this Privacy Policy;
  • Employment: we may use and disclose personal information of an employee for the purposes of their employment relationship with AFF, AFF’s business requirements and reasonably expected secondary purposes (e.g. rostering, administration, payroll, finance, human resource management, and work health and safety management), participating in legal proceedings where employee records are relevant, and AFF’s compliance with laws (including in relation to employment, industrial, and work health and safety laws and public health orders);
  • Contracting or other services: we may use and disclose personal information for any contracting or other service provision for which the individual has given express or implied permission;
  • Other: we may use and disclose personal information for any other use associated with such purposes or for which the individual has given express or implied.

Employees must not use or disclose personal information (including in the manner identified above) unless given express permission to do so by an authorised AFF manager.

7. Overseas disclosures

AFF may transfer your personal information overseas to Canada, New Zealand and United Kingdom for governance and compliance reasons. This will likely occur by way of email. We will only do this in accordance with the Privacy Act.

8. Credit reporting policy

AFF provides certain goods and services to customers on commercial credit terms. AFF may need to handle personal information about customer credit worthiness in connection with those arrangements (“credit‐ related personal information”). Note that other sections of this Privacy Policy are also relevant to credit‐ related personal information including dealing with access, correction, complaints, cross‐border disclosures of personal information and how AFF collects and holds personal information. AFF may be subject to further obligations under the Privacy Act and to the extent applicable, the Privacy (Credit Reporting) Code (collectively, the “Privacy Law”), and this Policy is not intended to limit or exclude those obligations.

If a customer applies for customer credit with AFF, typically AFF will require that the directors of the customer provide a personal guarantee. Where an individual is guaranteeing the obligations of a credit applicant, we may request a credit report about them from a credit reporting body (“CRB”). We use these reports to assess the application and ability to repay credit. To obtain these reports, AFF will disclose credit related personal information so that the CRB can accurately identify the individual.

Collection of credit related personal information

We may, to the extent permitted under the Privacy Law collect, hold and disclose any types of credit‐ related personal information about a person, including:

  • name, sex, date of birth, driver’s licence number, employer name and three most recent addresses;
  • the fact that the person has applied for credit and the amount and type of credit limit;
  • confirmation of previous information requests to CRBs made by other credit providers, mortgage insurers and trade insurers;
  • details of the person’s credit providers;
  • start and end dates of credit arrangements and certain terms and conditions of those arrangements;
  • permitted payment default information, including information about related payment arrangements and subsequent repayment;
  • information about serious credit infringements (e.g. fraud);
  • information about adverse court judgments;
  • publicly available information about the person’s credit worthiness;
  • certain insolvency information from the National Personal Insolvency Index; and
  • any credit score or credit risk assessment indicating a CRB or credit provider’s analysis of your eligibility.

Use and disclosure of credit related personal information

Where we have collected credit‐related information about an individual from a CRB, we may use that information to produce our own assessments and ratings in respect of the relevant customer or prospective guarantor’s credit worthiness. AFF may exchange credit‐related personal information with CRBs as may be permitted under the Privacy Law to:

  • assist CRBs to maintain information about an individual to provide to other credit providers in order for credit assessments to be undertaken;
  • assess a credit application made by an individual or an application to be a guarantor;
  • manage credit; and
  • create assessments and ratings of credit

Under the Privacy Law, an individual has the right to request CRBs not to:

  • use their credit‐related personal information to determine their eligibility to receive direct marketing from credit providers; and
  • use or disclose their credit‐related personal information, if they have been or are likely to be a victim of

As with all personal information, employees must not use, disclose or seek personal information (including in the manner identified above) unless given express permission to do so by an authorised AFF manager.

9. Are “Cookies” used on the website?

“Cookies” are small pieces of information that are placed on a web user’s hard drive. We may use cookies to provide an individual with better service. Cookies are pieces of information that a website transfers to an individual’s computer’s hard disk for record‐keeping purposes. Cookies can make the website more useful by storing information about that person’s preferences for a particular site. The use of cookies is an industry standard, and many major websites use them to provide useful features for their customers.

Cookies in and of themselves do not personally identify users, although they do identify a user’s computer. Most browsers are initially set to accept cookies. If an individual prefers, they can set their browser to refuse cookies. However, if they do so they may not be able to take full advantage of the functionality of the AFF site.

10. Opting out of correspondence

We are committed to full compliance with the Spam Act 2003 (Cth). Based on the information an individual has provided, AFF may send email correspondence to that person. By subscribing to our email communications, or otherwise providing us with their email address and/or mobile number, they consent to receiving emails which promote and market our products and services, or the products and services of others, from time to time.

Each correspondence must contain an easy means to opt out of further correspondence by utilising the corresponding “unsubscribe” or “opt out” facility. Once an individual has unsubscribed from our email communications, we must remove them from the corresponding marketing list as soon as is reasonably practicable.

11. How does an individual access their personal information and update it?

An individual can ask us for access to the personal information, including health information, we hold about them. They can also ask us to update or change any personal information we hold about them, if that information is wrong, missing parts or out of date. They can also ask us to delete their personal information, which we will do unless we are legally required or otherwise permitted to continue storing your information.

AFF may deny a request to access personal information if it:

  • would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
  • would have an unreasonable impact on the privacy of other individuals;
  • is frivolous or vexatious;
  • seeks information that relates to existing or anticipated legal proceedings between AFF and the individual, and would not be accessible by the process of discovery in those proceedings;
  • would prejudice negotiations between AFF and the individual by revealing its intentions;
  • would be unlawful;
  • is required or authorised by or under an Australian law or a court or tribunal order;
  • would likely prejudice AFF taking appropriate action in relation to unlawful activity, or misconduct of a serious nature, that relates to its functions or activities;
  • would likely prejudice an enforcement related activity conducted by, or on behalf of, an enforcement body, as defined by the Privacy Act; or
  • would reveal evaluative information in connection with a commercially sensitive decision‐making process.

If a person wishes to request to access, update or delete personal information, you should advise them to email us at officeadmin@aff‐ or call us on (02) 6752 5795. We endeavour to respond as quickly as possible and within a reasonable period of time, but advise that if there are requests for large amounts of information we may need longer to respond.

12. How do people make complaints?

We take a person’s concerns about their personal information seriously. If a person has any concerns about privacy or the use or collection of their personal information by AFF, you should advise them to email us officeadmin@aff‐ or call us on (02) 6752 5795. We must respond as quickly as possible and handle all complaints in a way that is fair and consistent. If an individual is not satisfied with our response, they can make a formal complaint with the relevant privacy regulator:


Director of Compliance
Office of the Australian Information Commissioner
Phone: 1300 363 992
Mail: GPO Box 5218
Sydney NSW 2001

If you have a query about this policy or need more information please contact the office directly on (02) 6752 5795 or email h[email protected]

Review details

This policy was adopted by AFF on 27th September 2021

This policy was last updated on 27th September 2021

This policy is next to be updated 27th September 2023