Privacy Policy

Version 3, last updated 1 August 2025

1. Our commitment

We are committed to respecting your privacy in accordance with the Privacy Laws. This Policy sets out how we collect, use, store and disclose your personal information.

2. Definitions

In this Policy, the following words/phrases/abbreviations have the following meanings:

“APPs”	means the Australian Privacy Principles set out in the Privacy Act
“OAIC”	means Office of the Australian Information Commissioner, the Australian privacy regulator.
“personal information”	is defined in the Privacy Act and means information or an opinion about an identified individual, or an individual who is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information.
“Privacy Act”	means the Privacy Act 1988 (Cth)
“Privacy Laws”	together means: the Privacy Act and APPs; the Information Privacy Act 2014 (ACT) and the ACT Territory Privacy Principles (“TPPs”); and Privacy and Personal Information Protection Act 1988 (NSW).
“us”, “we” or “our”	means: Exchange for Change (NSW) Pty Ltd (ACN 620 512 469) (Scheme Coordinator for the NSW Container Deposit Scheme); and Exchange for Change (ACT) Pty Ltd (ACN 625 238 799) (Scheme Coordinator for the ACT Container Deposit Scheme), (together, the “NSW / ACT Container Deposit Schemes”), and their respective related bodies corporate.
“Websites”	means exchangeforchange.com.au, actcds.org.au and returnandearn.org.au

3. Your acknowledgement

By providing personal information to us, you understand that we will collect, use and disclose your personal information in accordance with this Policy and any other arrangements that apply between us. We may change this Policy from time to time by publishing changes to it on our website. We encourage you to check our website to ensure that you are aware of our current Privacy Policy.

Other privacy related notices and terms and conditions may apply to you such as privacy collection notices or privacy statements which may be provided to you at the time your personal information is collected by us.

4. Privacy legislation

Exchange for Change is subject to, and handles personal information in accordance with, the Privacy Act and the APPs. In addition, Exchange for Change has contractual obligations under its respective contractual agreements with the ACT and NSW Government, which in certain circumstances requires it to comply with certain aspects of the Privacy Laws.

5. What personal information do we collect?

You may interact with us in a variety of different ways and the types of personal information that we collect about you will depend on the type of dealings you have with us.

Generally speaking, the types of personal information that we may collect are set out in the Schedule to this Policy.

We endeavour to collect your information directly from you. However, in some circumstances, where authorised by you, we may collect your information from third parties, such as your employer or contracting organisations, a service provider or from a publicly available record.

In addition, if you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) and from any recruitment consultant involved, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract.

In some cases, you may provide us with personal information which relates to another person (for example, an emergency contact, a job referee, a colleague/employee). If you do so, you agree that you have received permission from these individuals for us to collect, use, and share, their personal information in accordance with this Policy. You should also let them know about our Privacy Policy (including the information in this Policy).

The applicable privacy legislation to which we are subject (see Section 4 above) contain certain exemptions in relation to certain acts undertaken in relation to employee records and related bodies corporate. Where appropriate we make use of the relevant exemptions.

6. Can you deal with us without providing your personal information?

You are under no obligation to provide your personal information to us. We will provide individuals with the option of not identifying themselves, if it is lawful and practicable to do so. For example, you can access our Websites, make general phone queries or email us without having to identify yourself.

However, without certain information from you, we may not be able to provide you with our full scope of services or information that is tailored to you, and we may generally be limited in how we can interact with you. For example, if you do not provide your personal information as part of the recruitment process, we will be unable to progress your application for employment with us

7. Why do we collect, use and disclose personal information?

We collect personal information that is necessary to provide you with our services, and to carry out our business.

We do not use your personal information to carry out automated decision-making relating to you.

We may use your personal information for purposes which are incidental to provision of our services or for other purposes which are within your reasonable expectation or permitted by law.

The purpose for which we usually collect, store, and use your personal information depends on how you interact with us (for example, whether you are a beverage supplier registered with the NSW and/or ACT Container Deposit Scheme, or an individual consumer), but may include the following purposes:

primarily to fulfil our functions and responsibilities as the scheme coordinator under the Waste Avoidance and Resource Recovery Act 2001 (NSW) and the Waste Avoidance and Resource Recovery Act 2016 (ACT) respectively and to comply with our other legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties;

to facilitate your participation in the NSW / ACT Container Deposit Scheme including allowing you to supply, collect, deposit, receive payment for containers as part of the NSW / ACT Container Deposit Scheme as a beverage supplier, beverage exporter, material recovery facility operator, or network operator;

administer and manage your registration or account with the NSW / ACT Container Deposit Scheme as a beverage supplier or exporter, material recovery facility operator, or consumer;

to manage fees and administer billing (including administration of NSW / ACT Container Deposit Scheme payments and other third-party payment arrangements) and debt recovery;

to enable you to access and use, and for us to monitor your use of, our Websites and services;

to investigate any unauthorised or unacceptable use of the Websites or any content on the Websites;

to obtain feedback and to reply to feedback as well as to conduct research and surveys;

to operate, protect, improve and optimise our Websites, business and our users’ experience, such as to perform analytics, conduct research, complete reporting and for advertising and marketing;

to create de-identified or aggregate data for data analytics, reporting and/or reporting purposes;

to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;

if you subscribe to an online mailing list, to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;

to manage your relationship with us and to do business with you on a commercial basis (including when you are a contractor, service provider or supplier to us);

to test, train and maintain information technology systems (including artificial intelligence tools);

to test, train, improve and develop our technology systems, products and services, including through the use of artificial intelligence tools;

to investigate any incidents that may occur (both in relation to cyber security, as well as any health and safety incidents that occur at our premises);

to handle and respond to any complaints made;

to consider your employment application and manage your working relationship with us; or

to investigate any fraudulent conduct or suspected fraudulent in connection with the scheme.

We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

We do not use or disclose your personal information to any person or organisation unless it is directly related to or reasonably necessary for, one of the purposes described above.

8. Do we use your personal information for direct marketing?

We may use and share your personal information to communicate with you for direct marketing purposes through various channels, such as via regular mail, email, SMS, telephone, push notifications or social media (including through targeted advertisements on certain websites, mobile applications and social media channels). We undertake direct marketing, to run promotions and competitions and share updates about our services as well as carefully curated news.

We will only send these communications in accordance with applicable privacy and marketing laws (such as the Privacy Act (including APP 7) and the Spam Act 2003 (Cth)), and only where you have not opted out from receiving such communications from us.

You may opt-out of receiving marketing materials as explained in Section 9 below.

9. How can you opt out?

You are always in control of the direct marketing communications which you receive and can opt-out at any time. Generally, you can opt out by following the relevant opt-out or unsubscribe instructions in the relevant communication (such as email or SMS message).

You can also contact us using the details set out below to tell us you would like to stop receiving direct marketing communications from us.

Importantly, regardless of whether you opt out from receiving any or all direct marketing communications, we will still communicate with you if we are required by law to provide you with information, or in relation to transactional or purely factual messages.

You can also visit Your Online, which is a website which allows you to do a blanket opt out for the organisations who have signed up to Your Online Choices in respect of targeted advertising based on your browsing history.

10. With whom do we share your personal information?

We may share your personal information with third parties:

for the purposes described in this Policy,

for other purposes explained at the time we collect your personal information; and/or

where we have otherwise received your consent, or the disclosure is required or authorised by law.

Some of the parties we may share your information with include the following:

our employees;

our related bodies corporate;

the New South Wales and ACT governments;

our scheme partners, including the New South Wales Environment Protection Authority and Tomra Cleanaway, ACT NoWaste, Transport Canberra and City Services, and Return It (Canberra);

Scheme Coordinators in other jurisdictions in Australia with Corresponding Law as defined in the Waste Avoidance and Resource Recovery Act 2001 (NSW) to facilitate national harmonisation activities;

third-party suppliers and service providers we use for our Websites, mobile applications and/or our business in connection with providing our products and services to you. These may include IT service providers and third-party storage providers, marketing and communications agencies and data analysis organisations;

professional advisers, dealers and agents;

consultants and contractors;

payment systems operators (eg merchants receiving card payments);

our existing or potential agents, business partners or partners;

anyone to whom our assets or businesses (or any part of them) are transferred;

specific third parties authorised by you to receive information held by us;

your nominated job referees, to validate details you have provided us with including your resume, qualifications, experience, training or abilities;

other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law; and/or

other persons, as necessary to facilitate our dealings with you.

11. Do we share your personal information overseas?

We generally collect your personal information in Australia. However, it is likely that we will share your personal information outside the state or territory you are in or outside Australia, to overseas recipients located in Germany, Ireland, Japan, the Netherlands, Pakistan and the United States of America. These recipients include our service providers who may handle, process or store your personal information on our behalf.

For example, we may share your personal information with service providers who assist us with storing our data on secure data storage servers, or with providing and improving our products and services (including our service providers: Adobe, AVEC Global, DocuSign, Dropbox, EFEX, Employment Hero, LinkedIn, Microsoft, Oracle and Seek).

There are other circumstances where we may disclose your personal information to an overseas recipient. For example, where we are otherwise permitted to do so under other relevant laws.

We only ever share your personal information outside of the state or territory you are in or Australia where we are permitted to do so under the applicable Privacy Laws. Generally, this means we will take reasonable steps to ensure your personal information is treated securely and in accordance with applicable Privacy Laws.

12. Using our website, cookies, pixels and other online tracking technologies

We may collect statistical information when you access and use our Websites and any online platforms and applications made available by us, by utilising features and technologies of your internet browser, including cookies and tracking pixels. We use these tracking technologies for a variety of purposes, including to:

collect data about our website traffic;

analyse how our Websites are being used;

remember your preferences;

improve our Websites; and

provide more user friendly Websites and online services.

This information does not identify you personally unless you otherwise provide personal information to us that enables identification. As such, information collected through these tracking technologies (including information about your use of our Websites, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer) may be personal information.

Cookies

Cookies are small files that store information on your computer, TV, mobile phone or other devices. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Policy.

Tracking pixels

A tracking pixel is a piece of code that a business or third-party provider can place on its website or in email to collect information about a users’ activity, including the site pages they visit, time spent on each page, IP address, and/or form inputs (as relevant). When users visit pages with pixels, the pixel “loads” and send the information it is designed to collect back to the server of e.g. in the case of third-party pixels this would be to the third-party service provider.

Opting out

You can disable cookies through your internet browser but our Websites may not work as intended for you if you do so. To change your web browser preferences, please visit the relevant preferences or settings page on your browser and amend the privacy settings in relation to cookies and site data. It may be necessary for you to opt out separately from each device and browser that you use to access online content.

Provider	Description
Meta Platforms Inc	If you use Facebook, Instagram, Threads or any other platforms or networks owned or used by Meta, you can generally adjust your ‘ad preferences’ in the account settings of the respective platform that you access and see ads in.
Alphabet Inc	If you use YouTube, Google or any other platforms owned by Alphabet, you can manage how tracking technologies are used by checking your browser or account settings and adjusting your ‘privacy & safety’ and ‘search personalisation’ settings.

When you opt out of receiving targeted ads, this information is usually saved on a cookie. This means that if you clear your cookies, you will have to opt out again.

13. Links to other websites

Our Websites may contain links to websites or mobile applications (such as the Return and Earn App) operated by third parties, including our partners, associates or independent third parties. Those links and mobile applications are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites or mobile applications, and have no control over or rights in those linked websites. The privacy policies and relevant privacy collection notices that apply to those other websites and mobile applications may differ substantially from our Policy and collection notices, so we encourage you to read them before using those websites.

14. Security

We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information in the following ways:

In addition to opting out of cookies via your browser, you can opt out of the following third-party analytical tools we use via the instructions available at the links below:

Storage of personal information
Form	Explanation
Paper-based files	We store paper-based files of personal information in secure storage. Personal information may be collected in paper-based form and then converted to electronic form for use or storage. We maintain physical security measures to ensure that personal information in paper-based files is protected, such as by way of physical locks and security systems at our premises.
Electronic records	We store electronic records in secure databases, using trusted third party service providers. We also maintain physical security measures in relation to the storage of our electronic records (such as through locks and security systems at our electronic data stores. We also use encryption technologies, and deploy anti-malware and anti-virus software to protect electronic records. However, we cannot guarantee the security of your personal information transmitted over the internet, as online data transmission is not totally secure, given the prevalence of interception or hacking of data by unauthorised third parties.
Our Websites and Apps	Our Websites and Apps use encryption or other technologies to ensure that your personal information is securely transmitted online.We encourage you to exercise care when sending your personal information via the internet.

15. Accessing or correcting your personal information

You are entitled to request access to any of your personal information held by us and you can access the personal information we hold about you by contacting us using the information below. We may need to verify your identity when you request your personal information.

We will take reasonable steps to ensure the personal information we collect, use or disclose is accurate having regard to the purpose of use and disclosure. If you think that any personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us and we will take reasonable steps to ensure that it is corrected.

We will respond to your requests for access and/or correction within 30 days. We may decline your request to access or correct your personal information in certain circumstances in accordance with applicable privacy laws, however if we do so, we will provide you with written reasons for the refusal and details of complaint mechanisms.

If you are dissatisfied with our refusal to grant you access to, or correct your, personal information, you can complain to us using the contact details set out below.

We can only correct and/or provide you with access to information that we hold. If you want to correct and/or access information held about you by other parties such as the NSW or ACT governments, you are entitled to do so and should direct your request to them.

16. Making a complaint

If you wish to make a complaint about the way we have handled your personal information, you can contact us using the details provided below. Please include your name, email address and/or telephone number and clearly describe your complaint.

If you make a complaint about privacy, the following will occur:

No.	Steps
	We will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally acknowledge your complaint within a week. We may notify the ACT and NSW governments of your complaint; however, we will not disclose personal information in connection with the complaint unless we have your consent to do so. Following this notification, the ACT or NSW government may take responsibility for progressing and resolving your complaint in accordance with their complaints handling process instead of the process set out in this Policy. If not, we will respond to you complaint in accordance with the process set out here.
	If your complaint requires more detailed consideration or investigation: we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly; and we may ask you to provide further information about your complaint and the outcome you are seeking. If your initial complaint was not written, we may ask you to submit your complaint in writing.
	We will then typically gather relevant facts, locate and review relevant documents and speak with any individuals involved.
	In most cases, we will respond to your complaint within 30 days from when we receive your complaint. If the matter is more complex or our investigation may take longer, we will let you know, and tell you when we expect to provide our response.

If you think that we have failed to resolve the complaint satisfactorily, or consider that we may have breached the relevant Privacy Laws, you are entitled to make a complaint to the OAIC.

The OIAC can be contacted by telephone on 1300 363 992, or you can fill out its online privacy complaint form to make a complaint about our handling of your personal information. Full contact details for the Office of the Australian Information Commissioner and details of its complaints procedure can be found online at www.oaic.gov.au.

17. Publication and Communication 

This Policy is published on our Intranet and Websites (including www.exchangeforchange.com.au, actcds.org.au and www.returnandearn.com.au).

18. Contacting us

For further information about our Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

Customer Service Exchange for Change

PO Box 3414, Rhodes NSW 2138

Phone:  1800 813 887

Email:  customersupport@exchangeforchange.com.au

Schedule – Types of personal information

With reference to Section 5 of this Policy, generally speaking, we may collect the following types of personal information:

Types of personal information	What this includes	How do we collect this information?
Personal and contact details	This may include your: full name; date of birth; mailing or street addresses; email address telephone number and other contact details; and/or Signature.	We may collect this information: directly from you when you communicate with us through correspondence, chats, email, and/or in person; when you register to use our online services; when you register your participation or create an account with the NSW / ACT Container Deposit Scheme as a beverage supplier or exporter, or consumer; if you are a material recovery facility operator and complete monthly reporting for all processed containers or submit a processing refund claim via our portal located on the exchange.forchange.com.au website; when you share information with us from other social applications, services or websites; if you apply for a position with us; when you subscribe to a mailing lists on any of the websites we operate (including exchangeforchange.com.au, actcds.org.au and returnandearn.org.au (together the Websites)); and communicate with us during competitions, special events and promotion.
Copies of Photo identity documents	This may include copies of: your drivers’ licence; your passport; and/or other similar identity information. In addition, we undertake a search of ASICsearches and download ASIC register extracts to confirm entity details. These extracts may contain: names and addresses of past and present directors and company secretaries names and shareholdings of past and present shareholders which may include individuals.	We may collect this information directly from you to verify your identity if you are a representative of a beveragesupplier. In addition, we undertake a search of ASIC searches and download ASIC register extracts to confirm entity details . This may include personal informationwith respect to past and present directors and shareholders.
Financial Details	This may include your: bank account details; and/or credit card information	We may collect this information when you: register your participation or create an account with the NSW / ACT Container Deposit Scheme as a beverage supplier or exporter, or material recovery facility operator; or provide such information to us for payment purposes, if you are an employee or contractor.
‘Return and Earn’ mobile application user information	This may include your: name; email address; phone number; PayPal or bank details; location and/or the location where you made returns; unique barcode identifier linked to youraccount; information about returns you made; and/or other information you input or that is generated about you when you use the ‘Return and Earn’ branded mobile application (Return and Earn App), made available for download by Tomra Cleanaway Pty Limited, to return eligible containers at collection points, receive refund amounts or check the location and/or status of the nearest return point.	We collect this information about Return and Earn App users indirectly from Tomra Cleanaway Pty Limitedfor the limited purpose of conducting research and fulfilling our reporting obligations in relation to the Container Deposit Schemes.
Employee and workplace information including surveillance	This may include: details of your employment history; information about your education, qualifications and certifications; your tax file number (TFN); your preferred superannuation fund details your working eligibility rights; your suitability for the role you are applying for; your curriculum vitae details about your referees; details of any workers compensation claims you have made; health information and medical test results –this is sensitive information; records of disciplinary investigations and incident reports –this may include sensitiveinformation; details of leave you have applied for or been approved to take –this may include sensitive information, for example sick leave details which is health information; Centrelink information; Information about your use of our systems and devices; and/or other information provided as part of our recruitment process.	We may collect this information directly from you through our recruitment process when you apply for a position with us, or otherwise during the course of your employment or time working with us. We may also collect this information about you indirectly from third parties, for example: third-party recruitment service providers we use; your referees and/or previous employers’ educational institutions and/or professional registration authorities; medical practitioners; Centrelink; and/or third party service providers we use as part of the recruitment process. When you are working with us, we may collection this information through work issued systems and devices.
Background check information	This may include: national police check information (if applicable) –this may include sensitive information, such as if you have a criminal record or visa information. Integrity: checking of Curriculum Vitae for unexplained gaps Character reference checks, and other similar checks.	We may collect this information directly from you through our recruitment process, when you apply for a position with us, or otherwise during your employment. We may also collect this information: from third parties (for example, verification providers, referees, previous employers, professional registration authorities, or our contractors that employ you); and/or publicly available information (for example, court decisions).
Other types of information collected during our interactions	This includes details of your interactions with us, for example: information you provide us when you make an enquiry or complaint. details of the services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to yourenquiries; any additional information relating to you that you provide to us directly through our Websites or, mobile applications we manage, your online presence or through other websites or accounts from which you permit us to collect information; and any other personal information that may be required in order to facilitate your dealings with us.	We may collect this information: when you speak to us in person or on the phone; when you use our online services (such as our Websites, mobile applications we manageor our social media channels); when you use our online portal; when you make an enquiry, provide feedback, or make a complaint (via phone, email, social media or in person); interact with our Websites, webforms, services, content and advertising; in your responses to customer satisfaction, research surveys and similar activities; and when you communicate with us during competitions,special events and promotions.
Online and digital services information (including behavioural information)	We may collect information electronically, which may include: network and device information (such as your device ID, device type and IP address); standard web log/browsing information, including information about how you interact with our Websites, pages you visit and your session information; geo-location information, computer and connectioninformation; web form inputs, such as your name, email address and phone number; and other information collected via cookies and/or online tracking technologies (such as tracking pixels), including statistics on page views, traffic to and from the sites, ad data, etc. Please see the ‘Using our website, cookies and other online tracking technologies’ section below for further information on the digital information we collect and when it may become personal information.	We may collect this information: when you use our online services (such as exchangeforchange.com.au, returnandearn.org.au, actcds.org.au or our social media channels); via online behavioural technologies, such as cookies; or when you interact with our Websites, webforms, services, content and advertising.
Company and position information	This may include: company information such as you company’s ABN or ACN and director details; ASIC search results; and/or information about your company’s employees,contractors or suppliers.	We may collect this information from you as part of our supplier onboarding process if you are a current or prospective supplier, or from publicly available sources such as ASIC.
Call and Video/Online Conferencing recording information	This may include the voice recording, time, date, number and name of individuals on the call, or a video/online conferencing call.We will notify you before we record any calls.	We may collect this information in circumstances where wemonitor and record our call with you, when we call you, you call us or leave a voicemail through the phone, or a Video/Online Conferencing call. We will let you know if we are going to record call information.
Camera surveillance	We may collect camera surveillance information which includes photographs or video recordings of people attending our office.	We may collect this information in circumstances where we use camera surveillance (e.g. CCTV) at our office premises for safety and security and you attend our offices in person.
Unsolicited information	Unsolicited personal information is personal information we receive that we have taken no active steps to collect.	We may collect this information directly from you. Please note that we may keep records of unsolicited personal information to the extent we are permitted to do so under the Privacy Laws. If we are not permitted to keep this information, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable for us to do so.

For general enquiries call

Book a collection