Privacy Policy
Lenergy Privacy Policy
Lenergy Pty Ltd — ABN 25 639 077 393
1. Introduction
1.1 Lenergy Pty Ltd (ABN 25 639 077 393; ACN 639 077 393) trading as Lenergy (We, Us, Our) is committed to protecting the privacy of the individuals whose Personal Information We handle.
1.2 This Privacy Policy explains how We collect, hold, use and disclose Personal Information, and how You can access or correct the Personal Information We hold about You or make a complaint about Our handling of it.
1.3 We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) set out in that Act. This Policy describes Our practices in accordance with those obligations.
1.4 This Policy applies to Personal Information We collect about Our customers, prospective customers, suppliers, contractors, website visitors and other individuals We deal with. It does not apply to acts or practices of Lenergy that are directly related to a current or former employment relationship between Us and an employee, which are exempt from the APPs under section 7B(3) of the Privacy Act.
1.5 By providing Personal Information to Us, or by continuing to engage with Us, You acknowledge that You have read and understood this Policy.
2. Defined terms
2.1 In this Policy:
APPs means the Australian Privacy Principles set out in Schedule 1 to the Privacy Act.
OAIC means the Office of the Australian Information Commissioner.
Personal Information has the meaning given in section 6 of the Privacy Act. In broad terms, it means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information or opinion is true and whether or not it is recorded in a material form.
Privacy Act means the Privacy Act 1988 (Cth).
Sensitive Information has the meaning given in section 6 of the Privacy Act, and includes information about an individual’s health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, and certain other categories.
STC means a small-scale technology certificate created under the Renewable Energy (Electricity) Act 2000 (Cth).
We, Us and Our mean Lenergy Pty Ltd (ABN 25 639 077 393).
You and Your mean the individual to whom the Personal Information relates.
3. The Personal Information We collect
3.1 The types of Personal Information We collect depend on the nature of Your dealings with Us. They include:
(a) Contact and identity information: name, residential and postal address, email address, telephone numbers, and (where You apply for finance through Us) date of birth, driver licence details and other identity verification information.
(b) Property information: the address of the premises where solar, battery, EV charging or related equipment is to be quoted, installed or maintained; photographs and video of the premises, switchboard, meter and roof taken during quoting, design and installation; and the National Meter Identifier (NMI) and other supply-point information drawn from Your electricity bill.
(c) Energy usage information: historical electricity consumption data from bills You provide, and ongoing production and consumption telemetry from inverters, batteries and monitoring systems installed at Your premises (which We can access on a continuous basis through the manufacturer’s monitoring platform).
(d) Contract and transaction information: details of the products and services You have purchased or enquired about, quotes, contracts, scheduling and installation records, warranty registration details, service and maintenance records, and payment records. Card payments are processed through a third-party payment platform; We do not store full card numbers.
(e) Finance application information: where You apply for finance through Us (including HEUF Green Loans offered by Brighte and Plenti), the financial and personal information required to complete the application, which We transcribe directly into the relevant finance provider’s portal during a recorded telephone call. This may include income, employment, expenses, household composition, and identity verification information.
(f) Information about other individuals: where You provide information about other people in connection with Our services (for example, a co-owner or co-occupant of the premises), We collect that information from You.
(g) Communications and call recordings: the content of emails, SMS, web form submissions, social media messages and telephone calls between You and Us, including recordings of telephone calls (see Section 9).
(h) Marketing engagement information: Your responses to Our marketing communications, including opens, clicks and unsubscribes, and Your interactions with Our website and social media advertising.
(i) Website and device information: information about Your visits to Our website, including IP address, browser type, pages viewed, referring URLs, and information collected through cookies, analytics tools (including Google Analytics) and advertising pixels (including the Meta Pixel). See Section 10.
(j) Information about contractors and supplier contacts: name, business contact details and (for subcontract installers) credentials, accreditation and insurance information. Where We deal with You as a contact at another organisation, We handle Your business contact information in accordance with this Policy.
3.2 We do not, in the ordinary course of Our business, collect Sensitive Information (as defined in the Privacy Act). If You volunteer Sensitive Information to Us, We will handle it in accordance with APP 3.3 — that is, only with Your consent and only where it is reasonably necessary for one or more of Our functions or activities.
3.3 We do not seek to collect Personal Information about You that We do not need. If You provide Us with Personal Information about another individual, You should ensure that individual is aware of this Policy.
4. How We collect Personal Information
4.1 We collect Personal Information directly from You wherever it is reasonable and practicable to do so.
4.2 We collect Personal Information directly from You through:
(a) enquiries and quote requests You submit through Our website;
(b) telephone calls between You and Us (which are recorded — see Section 9);
(c) emails, SMS and other written communications between You and Us;
(d) in-person discussions during site assessments, installations and service visits;
(e) social media direct messages and responses to Our social media advertising;
(f) finance applications completed with You over the telephone, where We transcribe the information You provide into the relevant finance provider’s portal;
(g) photographs and video taken at Your premises during quoting, design and installation;
(h) inverters, batteries and monitoring equipment installed at Your premises, which transmit production and consumption data to the manufacturer’s monitoring platform to which We have access;
(i) payment information You provide through Our third-party payment platform or by reading card details aloud for entry into Our EFTPOS terminal (We do not write down or store full card numbers); and
(j) where You participate in Our referral programme, the name and email address You submit to generate a referral link, and (if You are referred to Us through that programme) the enquiry details You submit through Our contact page.
4.3 We also collect Personal Information about You from third parties, including:
(a) referral partners, including electricians, real estate agents, energy efficiency consultants and other businesses that refer customers to Us; and
(b) publicly available sources, including for the purpose of business-to-business marketing to identifiable individuals at other organisations.
4.4 Where We collect Personal Information about You from a third party, We take reasonable steps to ensure You are made aware of the matters set out in this Policy when We first contact You, unless an exception in APP 5.1 applies.
4.5 We may also collect Personal Information about You automatically when You visit Our website, through cookies, analytics tools and advertising pixels. See Section 10.
4.6 If You provide Us with Personal Information about another individual, You must ensure that individual is aware that You are providing their Personal Information to Us and the matters set out in this Policy.
5. Why We collect, hold, use and disclose Personal Information
5.1 We collect, hold, use and disclose Personal Information for the purposes set out in this Section 5, and for related purposes that You would reasonably expect.
Primary purposes
5.2 We collect, hold, use and disclose Personal Information for the following primary purposes:
(a) responding to Your enquiries and providing quotes for solar, battery storage, EV charging and related products and services;
(b) conducting site assessments, designing systems and preparing installation proposals;
(c) entering into and performing contracts with You, including arranging and carrying out installation, commissioning, maintenance and warranty service;
(d) applying on Your behalf for connection approvals from Your Distribution Network Service Provider (DNSP);
(e) creating and assigning small-scale technology certificates (STCs) and battery small-scale technology certificates (BSTCs) under the Renewable Energy Target scheme, including providing information to the Clean Energy Regulator and to STC agents acting on Our behalf;
(f) registering products for warranty with equipment manufacturers and establishing monitoring platform access for Your installed equipment;
(g) processing finance applications You make through Us, including transcribing application information into the systems of Our finance partners (currently Brighte and Plenti);
(h) administering payments, invoicing and credit control, including engaging debt collectors and legal advisers where amounts remain unpaid;
(i) administering statutory home building compensation and equivalent residential building insurance schemes that apply to Our work in the Australian states and territories in which We operate;
(j) administering Our referral programme, including tracking referrals and providing any rewards offered under that programme;
(k) responding to complaints, warranty claims and disputes, and exercising or defending Our legal rights; and
(l) complying with Our legal obligations, including under the Renewable Energy (Electricity) Act 2000 (Cth), tax legislation, electrical safety and building legislation, and the requirements of regulators and courts.
Secondary purposes
5.3 We also use and disclose Personal Information for the following secondary purposes, which We consider You would reasonably expect:
(a) internal record-keeping, business administration, reporting and analytics;
(b) auditing and reviewing the quality of Our products, services and customer interactions, including reviewing recorded telephone calls for training and quality assurance purposes; and
(c) improving Our products, services, website and customer experience.
5.4 We use and disclose Personal Information for direct marketing purposes in accordance with the Privacy Act, the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth). See Section 8.
5.5 We use and disclose Personal Information for purposes other than those set out in this Policy only where:
(a) You have consented;
(b) the use or disclosure is required or authorised by or under an Australian law or a court or tribunal order; or
(c) another exception in APP 6 applies.
Use of Personal Information for AI and machine learning
5.6 We may use recordings of telephone calls between You and Us — and information derived from those recordings — for the purposes of generating call summaries, extracting key takeaways, and improving Our customer service and training, including through the use of artificial intelligence and machine learning tools.
5.7 We may engage third-party AI service providers to assist with the activities described in clause 5.6. Where We do so:
(a) We will tell You, in this Policy or at the point of collection, the categories of information processed and the country in which the service provider is located;
(b) We will not permit the service provider to use Your Personal Information to train or improve their general-purpose AI models, except with Your express opt-in consent; and
(c) We will not use call recordings of finance application calls (which contain identity verification information including dates of birth and driver licence numbers) for AI processing without Your express opt-in consent.
5.8 If You do not consent to a use described in clauses 5.6 or 5.7 for which We seek consent, this will not affect the products and services We provide to You.
6. Disclosure of Personal Information to third parties
6.1 We disclose Personal Information to third parties only where it is reasonably necessary for one or more of the purposes set out in Section 5, where You have consented, or where We are required or authorised to do so by or under an Australian law or a court or tribunal order.
6.2 We disclose Personal Information to the following categories of recipients:
(a) Subcontracted installers, electricians and trades: independent contractors and contracting businesses (typically sole traders and small companies) engaged by Us to carry out installation, commissioning, maintenance and service work at Your premises. We disclose the information they need to attend Your site and complete the work, including Your name, address, contact details, scope of work and any site-access information You have provided.
(b) Distribution Network Service Providers (DNSPs): the electricity network operator for Your area, to whom We lodge connection applications and from whom We receive connection approvals. DNSPs to whom We may disclose Your Personal Information include Ausgrid, Endeavour Energy and Essential Energy (NSW), and Evoenergy (ACT).
(c) The Clean Energy Regulator and STC/BSTC agents: We assign small-scale technology certificates (STCs) and battery small-scale technology certificates (BSTCs) created from Your installation through an STC agent (currently BridgeSelect), who interacts with the REC Registry administered by the Clean Energy Regulator. We disclose the information required to validate the installation and create the certificates, including Your name, installation address, NMI and installation details.
(d) Equipment manufacturers: the manufacturers of the solar panels, inverters, batteries, EV chargers and monitoring equipment installed at Your premises, for warranty registration and to establish Your access to the manufacturer’s monitoring platform. Disclosures of this kind frequently involve transfers of Personal Information overseas (see Section 7).
(e) Finance partners: Brighte and Plenti, where You apply for finance through Us in connection with Your purchase.
(f) Payment processor: Stripe (via the Pylons payment platform), which processes card payments You make to Us.
(g) Back-end service providers: providers of the technology platforms We use to run Our business, including Our customer relationship management platform, job management platform, accounting platform, marketing automation platform, e-signature platform and cloud hosting providers. These providers handle Personal Information only on Our instructions and only for the purpose of providing the relevant service to Us.
(h) Insurers and home building compensation scheme administrators: insurers and scheme administrators who issue or administer the statutory residential building insurance applicable to Our work.
(i) Debt collectors and legal advisers: where amounts owing to Us remain unpaid, or where We need to obtain legal advice or take or defend legal action.
(j) Auditors, professional advisers and regulators: Our external auditors, accountants and other professional advisers; and regulators including the Clean Energy Regulator, the OAIC, the Australian Competition and Consumer Commission, fair trading and consumer protection regulators in the states in which We operate, and the Australian Taxation Office.
(k) Law enforcement and government agencies: where We are required or authorised by or under an Australian law, or a court or tribunal order, to disclose Personal Information.
(l) Successors and prospective purchasers of Our business: in connection with a proposed sale, restructure or transfer of all or part of Our business, subject to confidentiality obligations.
6.3 We do not sell, trade or rent Your Personal Information to any third party.
6.4 Where We disclose Personal Information to a recipient that is not located in Australia, We do so in accordance with Section 7.
7. Disclosure of Personal Information overseas
7.1 In the course of Our business, We disclose Personal Information to recipients located outside Australia.
7.2 Before disclosing Personal Information to an overseas recipient, We take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information. These steps may include entering into contractual arrangements requiring the recipient to handle the information consistently with the APPs, and applying security and access controls appropriate to the sensitivity of the information.
7.3 The recipients to whom We currently disclose Personal Information, and the countries in which they are located, are:
(a) Members of Our team based in the Philippines, who perform customer service, sales support and administrative work for Us and who have access to Our customer relationship management system, email accounts and certain recorded sales calls;
(b) Our customer relationship management and marketing automation platform (currently GoHighLevel, located in the United States), to be replaced by Salesforce (located in Australia) within the next four months;
(c) Our accounting platform (Xero), the underlying hosting infrastructure for which is located in the United States;
(d) Our payment processor (Stripe, accessed via the Pylons payment platform), located in the United States;
(e) Equipment manufacturers and their monitoring platforms. The locations relevant to Our current product range include the United States (for Tesla equipment), Singapore (for Alpha equipment) and China (for Goodwe equipment). Some equipment We install, including Sigenergy equipment, is supplied by manufacturers headquartered overseas but with monitoring data hosted in Australia. The locations may change as Our product range changes;
(f) Our website analytics and advertising providers (Google LLC and Meta Platforms, Inc.), located in the United States and other countries, in connection with the activities described in Section 10; and
(g) Where We obtain Your express opt-in consent under Section 5.7, any vendor We engage to provide AI or machine learning services in connection with that consent, in the country We disclose to You at the time We seek Your consent.
7.4 The list in clause 7.3 reflects Our overseas disclosures as at the date of this Policy. We will update this Policy when the list changes materially.
7.5 By providing Your Personal Information to Us, You acknowledge that We will disclose it to overseas recipients in the manner set out in this Section 7. We remain accountable for Personal Information We disclose to overseas recipients in accordance with section 16C of the Privacy Act, except in the limited circumstances set out in APP 8.2.
8. Direct marketing
8.1 We use Personal Information to send You direct marketing communications about Our products and services, including by email, SMS, telephone and post.
8.2 We send direct marketing communications:
(a) to existing customers and to individuals who have expressed interest in Our products and services, where the marketing relates to products and services of the kind they have previously dealt with Us about, or which they would reasonably expect Us to send; and
(b) to other individuals where We have obtained their consent.
8.3 We send commercial electronic messages (including marketing emails and SMS) in accordance with the Spam Act 2003 (Cth). Every commercial electronic message We send:
(a) clearly identifies Us as the sender and includes Our contact details; and
(b) includes a functional unsubscribe facility that allows You to opt out of receiving further commercial electronic messages from Us.
8.4 We comply with the Do Not Call Register Act 2006 (Cth) when making telemarketing calls. We do not make telemarketing calls to numbers registered on the Do Not Call Register, except where an exception in that Act applies (for example, where You have given Us Your consent).
8.5 You can opt out of receiving direct marketing communications from Us at any time by:
(a) using the unsubscribe link in any marketing email or SMS We send You;
(b) replying STOP to any marketing SMS;
(c) telling Us during any telephone call;
(d) emailing Hello@lenergy.com.au; or
(e) writing to Us at the address in Section 15.
8.6 Unless You tell Us otherwise, We will treat Your opt-out as applying to direct marketing across all channels (email, SMS, telephone and post).
8.7 We will action Your opt-out request as soon as practicable and, in any event, within five business days for commercial electronic messages.
8.8 We do not use Sensitive Information for direct marketing.
9. Recording of telephone calls
9.1 We record some or all of Our telephone calls with You for the purposes of:
(a) quality assurance, training and customer service review;
(b) maintaining accurate records of Our dealings with You, including the content of quotes, contracts and finance applications discussed during the call; and
(c) protecting Our legal interests in the event of a dispute.
9.2 At the start of each recorded call, We will tell You that the call is being or may be recorded and the purposes for which it may be used. If You do not consent to the call being recorded, You may tell Us at that time and We will stop the recording.
9.3 We hold call recordings securely and access to them is restricted to personnel who need access for a purpose set out in clause 9.1.
9.4 We may disclose call recordings:
(a) to members of Our team based in the Philippines, who have access to certain recorded sales calls for the purposes of customer service, sales support and quality review (but not to recordings in which payment card details are spoken; We pause recording during card-detail entry);
(b) where We obtain Your express opt-in consent, to AI service providers for the purposes set out in Section 5.6 and 5.7 (but not recordings of finance application calls, except with Your separate express opt-in consent);
(c) to Our finance partners, regulators, insurers, debt collectors or legal advisers, where required to evidence a transaction or to exercise or defend Our legal rights; and
(d) where required or authorised by or under an Australian law.
9.5 We retain call recordings in accordance with Section 13.
9.6 If You ask Us not to record a particular call, We will not record that call. We may need to ask You to provide certain information in writing instead of by telephone if We are unable to record the call.
10. Cookies, analytics and website tracking
10.1 When You visit Our website, We and Our service providers use cookies, pixels, tags and similar technologies to collect information about Your visit and to support Our marketing and analytics activities.
10.2 The information collected through these technologies includes Your IP address, browser type, device type and operating system, the pages You visit on Our website, the date and time of Your visit, the website You came from, and Your interactions with Our website and with Our advertising on third-party platforms.
10.3 The principal cookies, pixels and analytics tools We use, and the third parties that receive the information collected through them, are:
(a) Google Analytics (provided by Google LLC), which collects information about how visitors use Our website and produces reports that help Us improve the site. Information collected through Google Analytics is processed by Google in the United States and other countries;
(b) Meta Pixel (provided by Meta Platforms, Inc.), which collects information about visitors who have interacted with Our advertising on Facebook and Instagram, to help Us measure and improve the effectiveness of that advertising. Information collected through the Meta Pixel is processed by Meta in the United States and other countries; and
(c) Functional and analytics cookies set by Us, which support the operation of Our website and help Us understand how visitors use it.
10.4 We also share customer contact information (including email addresses) with Meta Platforms, Inc. and Google LLC for the purpose of building advertising audiences (for example, through Meta Custom Audiences and Google Customer Match). The contact information is uploaded in a hashed form, but remains Personal Information about identifiable individuals. Information shared in this way is processed by Meta and Google in the United States and other countries.
10.5 If You do not want Your contact information to be used for the purpose described in clause 10.4, You can opt out at any time by using any of the methods set out in clause 8.5. We will treat an opt-out from direct marketing as including an opt-out from audience-building uploads, in accordance with clause 8.6.
10.6 Most web browsers allow You to control cookies through Your browser settings, including by blocking or deleting cookies. You can also opt out of Google Analytics by installing the Google Analytics opt-out browser add-on, and You can adjust Your advertising preferences on Facebook and Instagram through the settings on those platforms. If You block cookies, some features of Our website may not work as intended.
10.7 To the extent the information collected through, or shared via, these technologies is Personal Information, We handle it in accordance with this Policy, including the overseas disclosure provisions in Section 7.
11. Quality of Personal Information
11.1 We take reasonable steps to ensure that the Personal Information We collect, hold, use and disclose is accurate, up to date, complete and relevant for the purposes for which it is used or disclosed.
11.2 The reasonable steps We take include:
(a) collecting Personal Information directly from You wherever practicable;
(b) confirming key information (such as Your contact details, installation address and NMI) with You at relevant points during the sales, design and installation process;
(c) reviewing and updating Our records when You notify Us of a change; and
(d) responding to requests You make under Section 14 to correct Personal Information that You consider to be inaccurate, out of date, incomplete, irrelevant or misleading.
11.3 If You become aware that any Personal Information We hold about You is inaccurate, out of date, incomplete, irrelevant or misleading, please contact Us using the details in Section 15 and We will correct it.
12. Security of Personal Information
12.1 We take reasonable steps to protect the Personal Information We hold from misuse, interference and loss, and from unauthorised access, modification or disclosure.
12.2 The reasonable steps We take include:
(a) restricting access to Personal Information to personnel who need access for a business purpose;
(b) requiring multi-factor authentication for access to the principal systems in which Personal Information is held;
(c) using reputable third-party service providers for the technology platforms through which We collect, hold and process Personal Information; and
(d) taking physical security measures at Our premises.
12.3 We regularly review and update Our information security practices, including Our staff training, breach response planning and arrangements with the service providers and personnel who handle Personal Information on Our behalf.
12.4 No method of transmitting or storing information can be guaranteed to be completely secure. While We take the steps described in this Section 12, We cannot guarantee that Personal Information We hold will not be subject to unauthorised access, modification or disclosure.
12.5 If We become aware of a data breach involving Personal Information We hold, We will assess and respond to the breach in accordance with the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act. See Section 16.
13. Retention and destruction of Personal Information
13.1 We hold Personal Information for as long as is necessary to fulfil the purposes set out in this Policy and to comply with Our legal obligations.
13.2 The period for which We hold Personal Information depends on the type of information and the purpose for which We hold it. Relevant factors include:
(a) Our obligations under the Renewable Energy (Electricity) Act 2000 (Cth) and associated regulations to retain records relating to the creation and assignment of small-scale technology certificates;
(b) Our obligations under taxation legislation, including the Income Tax Assessment Act 1936 (Cth) and the Income Tax Assessment Act 1997 (Cth), to retain financial records;
(c) Our obligations under electrical safety, building and consumer protection legislation in the jurisdictions in which We operate;
(d) the limitation periods that apply to claims relating to building work, including under the Home Building Act 1989 (NSW) and equivalent legislation in the Australian Capital Territory;
(e) Our obligation under the Spam Act 2003 (Cth) to retain evidence of consent to commercial electronic messages; and
(f) the period during which We may need to defend or pursue legal claims.
13.3 The following table sets out the indicative periods for which We hold the principal categories of Personal Information. Where We are required by law to retain information for longer, We do so:
| Category of Personal Information | Indicative retention period |
|---|---|
| Quote and prospect information, where You do not become a customer | 2 years from Our last contact with You |
| Customer contract, installation and warranty records | 7 years from completion of the installation, or longer where required by law |
| Finance application records | 7 years from the application |
| Recordings of transactional telephone calls (including finance application, contract formation, warranty and complaint calls) | 7 years from the call |
| Recordings of non-transactional telephone calls | 2 years from the call |
| Marketing engagement data | 3 years from Your last engagement with Our marketing |
| Website analytics and tracking data | In accordance with the underlying provider’s default retention settings (currently up to 14 months for Google Analytics user-level data) |
| Records relating to the creation and assignment of small-scale technology certificates | In accordance with Our obligations under the Renewable Energy (Electricity) Act 2000 (Cth) |
| Financial records | 7 years (reflecting the statutory minimum and a buffer for late-arising obligations) |
13.4 When We no longer need Personal Information for any purpose set out in this Policy and We are not required by law to retain it, We take reasonable steps to destroy or de-identify it.
13.5 The reasonable steps We take to destroy or de-identify Personal Information depend on the form in which it is held and the systems in which it is stored. They may include deleting the information from Our systems, instructing Our service providers to delete the information, and securely disposing of physical records.
14. Access to and correction of Personal Information
Access.
14.1 You have the right to request access to the Personal Information We hold about You.
14.2 To request access, please contact Us using the details in Section 15 and describe the information You are seeking. We may ask You to verify Your identity before responding to Your request to ensure We do not disclose Your Personal Information to anyone else.
14.3 We will respond to Your access request within a reasonable period after the request is made and, in any event, within 30 days. Where We can, We will give You access in the form You request.
14.4 Access is generally provided free of charge. We may charge a reasonable fee for the work involved in providing access to extensive or historical records, in which case We will tell You the fee before doing the work.
14.5 In limited circumstances, We may refuse to provide access to Personal Information We hold about You. The grounds on which We may refuse are set out in APP 12.3 and include where:
(a) giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
(b) giving access would have an unreasonable impact on the privacy of other individuals;
(c) the request is frivolous or vexatious;
(d) the information relates to existing or anticipated legal proceedings between Us and You, and would not be accessible by the process of discovery in those proceedings;
(e) giving access would reveal Our intentions in relation to negotiations with You in a way that would prejudice those negotiations;
(f) giving access would be unlawful;
(g) denying access is required or authorised by or under an Australian law or a court or tribunal order;
(h) giving access would be likely to prejudice the taking of appropriate action in relation to a matter relating to unlawful activity or serious misconduct relating to Our functions or activities;
(i) giving access would be likely to prejudice an enforcement-related activity conducted by, or on behalf of, an enforcement body; or
(j) giving access would reveal evaluative information generated within Lenergy in connection with a commercially sensitive decision-making process.
14.6 If We refuse to give You access, or to give You access in the form You requested, We will give You written notice setting out the reasons for the refusal and the mechanisms available to You to complain about the refusal.
Correction.
14.7 If You believe that any Personal Information We hold about You is inaccurate, out of date, incomplete, irrelevant or misleading, You can ask Us to correct it.
14.8 To request correction, please contact Us using the details in Section 15 and tell Us what You believe is wrong and what the information should say.
14.9 If We are satisfied that the Personal Information is inaccurate, out of date, incomplete, irrelevant or misleading, We will take reasonable steps to correct it. We will respond to Your correction request within a reasonable period after the request is made and, in any event, within 30 days.
14.10 If We have disclosed the Personal Information to another entity and You ask Us to notify that entity of the correction, We will take reasonable steps to do so, unless it is impracticable or unlawful.
14.11 If We refuse to correct Personal Information as You have requested, We will give You written notice setting out the reasons for the refusal and the mechanisms available to You to complain about the refusal. You may also ask Us to associate with the information a statement that You consider it to be inaccurate, out of date, incomplete, irrelevant or misleading. We will take reasonable steps to associate such a statement in a way that will make it apparent to users of the information.
15. Complaints
15.1 If You have a complaint about Our handling of Your Personal Information, We want to hear about it so We can address it.
15.2 To make a complaint, please contact Us using the details in Section 19. Where possible, please provide:
(a) Your name and contact details;
(b) a description of the conduct You are complaining about, including the date and the people involved if known;
(c) the Personal Information of Yours that is affected; and
(d) what You would like Us to do to resolve the complaint.
15.3 We will acknowledge Your complaint within 7 days of receiving it. We will investigate Your complaint and respond to You within 30 days. If We need more time to investigate, We will tell You and explain why.
15.4 Our response will set out the outcome of Our investigation and any steps We propose to take to address Your complaint.
15.5 If You are not satisfied with Our response, or if We do not respond within 30 days, You can complain to the Office of the Australian Information Commissioner (OAIC):
Online: oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5288, Sydney NSW 2001
Email: enquiries@oaic.gov.au
15.6 The OAIC may also be the appropriate body to complain to in the first instance if You believe We have seriously interfered with Your privacy.
16. Notifiable data breaches
16.1 The Privacy Act 1988 (Cth) requires Us to notify affected individuals and the OAIC about certain data breaches. This obligation is called the Notifiable Data Breaches scheme and is set out in Part IIIC of the Privacy Act.
16.2 An eligible data breach occurs where:
(a) there is unauthorised access to, unauthorised disclosure of, or loss of, Personal Information that We hold;
(b) the access, disclosure or loss is likely to result in serious harm to one or more individuals to whom the information relates; and
(c) We have not been able to prevent the likely risk of serious harm through remedial action.
16.3 If We have reasonable grounds to suspect that an eligible data breach may have occurred, We will carry out a reasonable and expeditious assessment to determine whether the breach is an eligible data breach. We will complete this assessment within 30 days, except where the assessment can be completed sooner.
16.4 If We determine that an eligible data breach has occurred, We will, as soon as practicable:
(a) prepare a statement describing the breach, the kinds of information involved, and the steps We recommend affected individuals take in response;
(b) provide a copy of that statement to the OAIC; and
(c) take reasonable steps to notify each affected individual of the contents of the statement, or notify each individual at particular risk of serious harm.
16.5 We will not notify under clause 16.4 in the limited circumstances in which the Privacy Act provides an exception, including where notification would prejudice an enforcement-related activity, would be inconsistent with a secrecy provision, or where We are part of a joint breach and another participant has already notified.
17. Anonymity and pseudonymity
17.1 You have the option of not identifying Yourself, or of using a pseudonym, when dealing with Us, except where:
(a) We are required or authorised by or under an Australian law, or a court or tribunal order, to deal with individuals who have identified themselves; or
(b) it is impracticable for Us to deal with You if You have not identified Yourself.
17.2 In practice, You can make an initial enquiry about Our products or services anonymously or under a pseudonym (for example, by asking general questions through Our website or by telephone). However, We will not be able to provide quotes, conduct site assessments, enter into contracts, install equipment, process finance applications, lodge connection applications with Distribution Network Service Providers, or create small-scale technology certificates without collecting identifying information about You.
18. Children
18.1 Our products and services are directed at property owners and other adults, not at children.
18.2 We do not knowingly collect Personal Information about children under the age of 18 in connection with Our marketing, sales or services to consumers. If You believe We have collected Personal Information about a child in this context, please contact Us using the details in Section 19 and We will take reasonable steps to delete the information.
18.3 We do employ apprentices in Our electrical and installation operations, some of whom are under the age of 18. Our handling of Personal Information about Our apprentices is part of Our handling of employee records, which is exempt from the Australian Privacy Principles under section 7B(3) of the Privacy Act in respect of acts and practices directly related to the employment relationship.
19. How to contact Us about privacy
19.1 If You have any questions about this Policy, or if You wish to:
(a) request access to Personal Information We hold about You;
(b) request correction of Personal Information We hold about You;
(c) opt out of direct marketing;
(d) withdraw a consent You have previously given Us; or
(e) make a complaint about Our handling of Personal Information,
You can contact Us using the details set out below.
Contact details:
Postal address: Lenergy Pty Ltd, 6/13 Old Dairy Close, Moss Vale NSW 2577
Email: Hello@lenergy.com.au
Telephone: 1300 887 785
19.2 Privacy enquiries are handled by Our nominated privacy contact, currently Our General Manager.
20. Changes to this Policy
20.1 We may update this Policy from time to time to reflect changes in Our business, changes in technology, or changes in legal or regulatory requirements.
20.2 The current version of this Policy is available on Our website at lenergy.com.au.
20.3 The date this Policy was last updated is set out at the end of the Policy. Where We make material changes to this Policy, We will take reasonable steps to bring those changes to Your attention, including by posting a notice on Our website or, where appropriate, by direct communication with You.
21. Effective date and version
This Policy is effective from 26/05/2026.
Version: 1.0
Last updated: 26/05/2026