Purpose of this Policy
This policy details how we comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles which were introduced under that Act. In particular, this policy sets out:
- how we collect and handle Personal Information and Sensitive Information;
- how you can access and correct your Personal and Sensitive information; and
- how you can make a complaint about our handling of that information.
You should review this policy periodically as we may modify it from time to time. If you would like a hardcopy of this policy, please contact firstname.lastname@example.org.
This policy applies only in relation to individuals. It does not apply to the collection or use of information about corporations.
You should read this policy in conjunction with our Credit Reporting Policy which can be obtained online at www.gmckay.com.au/credit-policy, or in hardcopy by contacting us on email@example.com
Personal & Sensitive Information
‘Personal Information’ is:
information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a) whether the information or opinion is true or not; and
b) whether the information or opinion is recorded in a material form or not.
‘Sensitive Information’ includes things such as race, sexual orientation, political opinions, members of a trade association or trade union, criminal record or health information.
Types of Personal Information we collect
We may collect and hold the following types of Personal Information:
- Your name, date of birth and address;
- Telephone numbers and email address;
- Occupation, career history and personal history;
- Bank account and licence details;
- Super fund details; and
- Hearing and medical test results.
Collection of Personal Information
We will only collect Personal Information where it is reasonable and practicable to do so by fair and lawful means.
We generally will only collect such information about you if you voluntarily submit it to us by:
- providing your information in person, via email or during a telephone call with our staff;
- completing a credit application, purchase order, registration, request or any other form we use;
- sending us information via our website.
We will not collect Personal Information about you from third parties unless:
- you consent to such collection; or
- it is unreasonable or impracticable to collect the information from you.
If it is unclear to us whether you have consented to the collection of Personal Information from a third party, we will take reasonable steps to contact you to ensure that you are aware of the purpose of the collection.
We will inform you if we are required to collect Personal Information without your consent, whether under law or pursuant to a court/tribunal order.
Collection of Sensitive Information
We aim to obtain your consent before collecting Sensitive Information about you. However, in some circumstances we are permitted to collect Sensitive Information without your consent, including where:
- there is a ‘permitted general situation’ under the Privacy Act;
- there is a ‘permitted health situation’ under the Privacy Act; or
- we are required or authorised to do so under law or pursuant to a court/tribunal order.
Unsolicited Personal & Sensitive Information
If we receive Personal or Sensitive Information which was not solicited by us, we will assess whether it is information we would ordinarily be permitted to collect and whether it is contained in a Commonwealth record. If it is not, we will destroy or de-identify the information as soon as practicable, provided it is reasonable and lawful to do so.
Use & storage of Personal & Sensitive Information
We collect, use and store your Personal and Sensitive Information to:
- establish your identity;
- provide our goods and service to you;
- process payments made by you or received on your behalf;
- inform you of upcoming events or promotions we have organised;
- comply with our legal obligations;
- conduct and improve our business; and
- manage our relationship with you.
By engaging us to provide goods and services, you consent to these uses and disclosures. You may put limitations on how we use or disclose your Personal or Sensitive Information. We will not use or disclose such information without your consent or contrary to your instructions unless authorised or required by law (including where the use or disclosure meets an exception in the Privacy Act).
If we are unable to collect your Personal or Sensitive Information, some or all of the following may occur:
- we may be unable to provide goods or services to you to the requested standard or at all;
- we may be unable to communicate with you to provide information about goods or services that you have purchased from us, or may intend to purchase in the future;
- we may be unable to tailor the content of our marketing communications to suit your preferences; and
- your experience when interacting with us may be delayed or not as efficient as you may expect.
We may send you direct marketing communications and information about goods and services offered by us or our partners or suppliers. Such communications may be via email, SMS, or regular mail.
If you have indicated a preference for a particular method of communication, we will endeavour to use that method wherever practical to do so.
You may opt out of receiving marketing communications at any time by responding via the channel in which you received the marketing communication, or by contacting us at firstname.lastname@example.org.
We do not provide your Personal or Sensitive Information to any other organisation for the purposes of direct marketing.
Safekeeping of Personal & Sensitive Information
We use reasonable and appropriate physical and electronic security measures to keep Personal and Sensitive Information we hold secure. This includes protection from misuse, interference, loss and unauthorised access, modification or disclosure.
If the Personal or Sensitive Information is in hard copy, we secure it in locked filing cabinets or storage facilities.
If the Personal or Sensitive Information is in electronic form, access is restricted by various security methods and controls including fully managed firewalls, anti-virus and intrusion detection, user access restrictions/role based permissions, penetration and vulnerability testing and restricted access facilities.
Accessing or correcting Personal & Sensitive Information
Please notify us if you believe we hold Personal or Sensitive Information about you that is inaccurate, outdated or incomplete so it can be corrected. There is no cost to do so.
You are entitled to access your Personal and Sensitive Information held by us. You can make a request for access by email to email@example.com. We will respond to the request within a reasonable period of time.
There may be reasons why we deny access, including where:
- access would be unlawful or likely to prejudice enforcement related activities;
- access would disclose a commercially sensitive decision making process;
- access would create an unreasonable impact on the privacy of others;
- the requested information relates to existing or anticipated legal proceedings with you;
- access would prejudice negotiations with you;
- access would pose a serious threat to life, health or safety to any individual or to the public in general;
- the request is frivolous; or
- denial of access is otherwise authorised by law.
You are permitted to keep your identity anonymous or use a pseudonym when you contact us. However, we will not release any information without sufficient proof of identity.
We may charge a fee to cover the reasonable cost of meeting a request to access information.
Any complaints relating to our handling of your Credit Reporting Information can be made to the Managing Director by email to firstname.lastname@example.org. If you do not consider that your complaint is adequately dealt with by us, you may make a further complaint to the Office of the Australian Information Commissioner, which has complaint handling responsibilities under the Privacy Act.