We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1998 (Cth) (the Act). The principles are designed to protect the privacy of individuals by regulating the way personal information is managed by Australian businesses. Personal information is any information that allows an individual to be personally identified.
We are bound by and acknowledge the importance of the Notifiable Data Breach Scheme, which has been addressed by Us in Our Data Breach Response Plan.
You do not have to provide Us with your personal information. However, if you do not, We may not be able to provide you with information or services you request or important notices in relation to Our provision of and your use of Our products or services.
We collect information that is reasonably necessary for Us to provide you with the services or products you have requested from Us, and to manage Our obligations to you under any customer contract or applicable law. Some of the services or products may include:
We will only collect your sensitive information if you have provided Us with consent to do so. Where practicable, We will give you the option of interacting with Us anonymously.
However, We may also collect and hold other information required to provide services or assistance to you, including your emergency contact details, sensitive information, and information necessary to assess your creditworthiness.
We may collect your information in various ways, including via telephone, Our website, third party websites or software suppliers, hard copy forms or email, face-to-face meetings including inspections or interviews, third parties, referrals through Our related entities or strategic partners, social media channels.
We only collect personal information by lawful and fair means. By providing personal information to Us, you consent to Us collecting and storing this information as well as further information as may be provided by you in order that We may follow up your enquiries and best service your needs.
Whenever you choose to deal with Us directly, We will collect this information directly from you. However, there may be occasions when We collect your information from someone else. This may include contracted service providers, agents acting on Our behalf or related entities and/or anyone you have authorised to deal with Us on your behalf.
By subscribing to the forms on Our website, you are actively asking Us to supply you with information about Our services and We will do this through the method of contact provided by you, which may be phone or email.
On all occasions, your information is collected, held, used, and disclosed by Us in accordance with this policy and applicable Australian Privacy Principles.
We only use your information for the purpose for which it was provided to Us, related purposes that you would reasonably expect and as permitted or required by law. Such purposes include:
We may disclose your personal information to government agencies, Our service providers, agents, contractors, business partners and other recipients from time to time, only if one or more of the following apply:
However, We will only use your sensitive information for the purposes for which it was initially collected, other directly related purposes or purposes to which you otherwise consent.
If you are not a customer (for example, if you are a supplier or other third party), your information will only be used for the specific purpose for which it was provided to Us, unless you have consented to other uses.
We may disclose your information to Our related entities and third parties who provide services to Us or on Our behalf, including:
We will only disclose your sensitive information for the purposes for which it was initially collected, other directly related purposes or purposes to which you consent.
We may disclose personal information to overseas recipients including but not limited to contracted service providers or related bodies corporate or related entities based outside Australia for processing, storage, or back-up.
We will take reasonable steps (eg, contractual measures) to ensure that these providers comply with applicable Australian Privacy Principles (APPs). Further, certain contracted service providers may enter arrangements with overseas providers from time to time. We recommend that you view their privacy policies for details.
Any overseas disclosure does not affect Our commitment to safeguarding your personal information. Where reasonable in the circumstances, Our contracts with overseas recipients oblige them to comply with the APPs and the Act. However, you acknowledge that, in agreeing to the disclosure of your information to overseas recipients, We will not be required to take further reasonable steps to ensure overseas recipients’ compliance with the APPs in relation to your information and We will not be liable to you for any breach of the APPs by those overseas recipients. On this basis, you consent to such disclosure.
The General Data Protection Regulation (GDPR) relates to EU and UK residents’ control over their Personal Data. It is a comprehensive law that provides greater data rights for individuals and requires organisations who control and process data to comply with data protection principles.
Personal Data means data that relates to an individual which, in isolation or in combination with other information, enables the individual to be identified directly or indirectly.
Where the GDPR applies with regard to any Personal Data We collect, then this section applies to that Personal Data. For the purpose of GDPR, We are the ‘controller’.
If You are a resident in the EU or UK, you have the following rights with respect to your Personal Data, and can exercise them by sending a request to the Privacy Officer at email@example.com or by phoning 0499 552 166. Those rights include:
We take reasonable steps (including any measures required by law) to ensure your information is protected and secure. For any payments you make via Our websites, We use a recognised payment service provider that is required to take reasonable steps to protect your information.
We also take reasonable precautions to ensure that any information you provide to Us through Our websites is transferred securely from Our servers to Our mainframe computers, including by means of Secure Sockets Layer (SSL) protocols.
Other information protection measures We take include:
All personal information collected by Us through Our platforms listed is stored in a variety of formats including electronically in databases, in hard copy files and on personal devices including laptop computers, mobile phones, cameras and other recording devices. We will not store personal information for longer than necessary (or than We are legally allowed to) and when it is no longer required it will be deleted from the database. We may store information in ‘the cloud’ which may mean that it resides on servers situated outside of Australia.
However, no data protection and security measures are completely secure. Despite all the measures We have put in place, We cannot guarantee the security of your information, particularly in relation to transmissions over the internet.
Accordingly, any information which you transmit to Us is transmitted at your own risk. You must take care to ensure you protect your information (for example, by protecting your usernames and passwords, customer details, etc) and you should notify Us as soon as possible after you become aware of any security breaches.
If We become aware of any security breaches, an internal process will be undertaken in accordance with Our Data Breach Response Plan to conduct an assessment of the breach, and commence notification procedures, if necessary.
We take reasonable steps to ensure the information We collect and hold about you is accurate, up-to-date, and complete, and if used or disclosed, also relevant.
Please let Us know as soon as possible if there are any changes to your information or if you believe the information We hold about you is not accurate, complete, up-to-date or is otherwise misleading.
We will, on request, provide you with access to the information We hold about you unless otherwise required or permitted by law. We will notify you of the basis for any refusal to allow you access to your information.
Sometimes Our website contains links to other websites, for your convenience and information. Some of those websites may collect personally identifiable information about you. When you access a website other than Our own, please understand We are not responsible for the privacy policies of that site. We suggest you review the privacy policies of each site you visit.
If We have reasonable grounds to suspect that a data breach has occurred, We will:
We will otherwise comply with privacy data breach notification requirements, including notifying affected individuals and the Office of the Australian Information Commissioner, as applicable.
We will refer your inquiry or complaint to Our Privacy Officer. They will, within a reasonable time, investigate the issue and determine the steps that We will undertake to resolve any complaints. We will contact you if We require any additional information from you and will notify you in writing of the response or determination of Our Privacy Officer.
If you are not satisfied with Our response or determination, you can contact Us or raise your concerns with the Australian Privacy Commissioner via www.oaic.gov.au.