Personal Information has the meaning given to it in the Privacy Act and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not.
Sensitive Information is a type of personal information that is provided higher protection under the Privacy Act, and includes racial or ethnic origin, political opinions, religious beliefs, trade union membership, criminal record or details about your health, genetic or biometric information.
Types of personal information we collect
We aim only to collect personal information that is reasonably necessary to provide the service, product or information you have requested from us.
We collect and hold the following types of personal information:
- contact information such as your name, phone number, email and postal or residential address;
- financial information such as your credit card and banking details;
- information about your use and interaction with our websites or social media accounts;
- information about how you engage with us, or our products and services;
- information related to job applications such as your work history, passport details, drivers license;
- sensitive information, such as your health information or criminal record.
When we collect sensitive information we will always get your consent, unless the collection of the sensitive information permitted under the Privacy Act.
How and why we collect personal information
We collect personal information in a variety of ways including (without limitation) when you:
- fill in our forms (either online or hard copy);
- contact us (e.g., call or email us);
- give us feedback or make a complaint;
- purchase or use our products or services;
- visit our websites, including through Cookies on our websites;
- interact with us on social media;
- apply for a job with us.
Cookies are small data files that are stored on your device via your web browser. Our websites contain cookies and we may use these to gather information about your use of our websites. You can disable Cookies by changing the settings in your browser.
Unless it is unreasonable or impracticable to do so, we collect your personal information from you directly. In many cases however, we will collect information about you from a third party such as your employer, your referees, recruitment agencies, contractors and business partners, government departments, insurers, or from publicly available sources.
At the time of collection, or as soon as practicable after we have collected it, we will take reasonable steps to notify you of the collection and of any matters relevant to the collection, unless it is obvious from the circumstances that you would know or would expect us to have the information.
We strive to ensure that the purpose for collecting your personal information is relevant and necessary to the product, service or information you have requested from us. We collect personal information:
- to facilitate and manage our relationships with current or potential customer, suppliers, contractors, employees, and community stakeholders;
- to manage and enhance our products and services;
- for our marketing, promotional, business planning, quality control and research purposes;
- verify your identity;
- to send you communications and publications;
- for billing and payment processing;
- facilitate a complaint handling process or receiving feedback, including to investigate complaints, or where we suspect you have breached our Company Policies or Procedures, or engaged in unlawful activities that relate to our functions or activities; and
- assess your application to work with us, including conducting pre-employment checks, and (where applicable) managing our working relationship with you (including performance reviews, training, disciplinary actions).
Use and Disclosure
We will only use or disclose your personal information for the purpose for which the information was originally collected (as generally described above). However, we may use the information for another purpose if your consent has been obtained or if the other purpose is related to a purpose for collection and you would reasonably expect that your personal information would be used in that manner.
We may disclose your personal information with our subsidiaries and third parties, including:
- professional advisors including accountants, auditors or lawyers;
- payment system operators or financial institutions; and
- external providers of services that we use to operate our business and manage our business including but not limited to: insurers, file storage service providers, database and mailing service providers, couriers and/or freight service providers, printers, software vendors, providers of payment processing and identity verification services and IT technicians.
We only permit access to the personal information external providers need to deliver the service to us or to you. We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information. However, the privacy and collection practices of entities to which we disclose personal information are governed by their own privacy policies.
We will not disclose sensitive information to third parties without your consent, unless the circumstances give rise to an exception under the Privacy Act.
Some of the software providers we use have servers based overseas, which means we disclose personal information to overseas recipients. The countries were overseas recipients of personal information we hold are likely to be located in the Asia Pacific Region and include countries such as Singapore, Japan, South Korea, Hong Kong and Malaysia.
Storage and security
Personal information we collect is stored on printed documents, electronic databases and email contact lists located in our offices or with our third party storage providers.
We take all reasonable precautions to safeguard personal information that we collect and hold from loss, misuse, unauthorised access, modification or disclosure. We do this through a number of means, including premises security, requiring employees and contractors to enter into confidentiality agreements, restricting access to personal information, and IT controls such as password protection, fire walls and encryption.
In situations where anonymity is both lawful and practicable, you may remain anonymous or use a pseudonym when dealing with us.
We will not adopt a government related identifier as our own identifier, or use or disclose a government related identifier unless permitted by the Privacy Act.
Quality, Access and Correction
We take reasonable steps to ensure that the personal information we collect is accurate, up-to-date and complete.
You have the right to request access to, or correction of, the personal information that we hold about you. We will permit access to or correction of personal information, unless there is a lawful reason for refusing your request for access or correction. If we refuse your request we will give you written notice explaining our reasons for that refusal and how you can complain about that refusal. Requests can be made via the contact details set out below.
How to Make a Complaint
If you believe there has been a breach of your privacy or would like to make a complaint please forward your complaint in writing to the contact details set out below. We aim to investigate and respond to complaints within 28 days of receiving the complaint. If we require more time to investigate your complaint, we will let know when we expect to be able to provide you with a response.
You can also make a complaint to the Office of the Australian Information Commissioner. Further information is available at www.oaic.gov.au.
You can contact us in respect of any issues in relation to privacy by phone on (03) 9261 5000 or email at firstname.lastname@example.org