The Australian Privacy Principles
The Privacy Act sets standards for the way we must deal with personal information by regulating:
- the way we collect your personal information;
- the way we use and disclose it;
- our data quality and security for storage of your personal information;
- any direct marketing we conduct;
- your right of access and correction of your personal information;
- how we handle any privacy complaints; and
- any international transfer of information.
Collection of Personal Information
Personal information is any information or opinion about you (whether true or not), which either identifies you or from which your identity can reasonably be determined.
We only collect your personal information where that personal information is necessary for one or more of our functions or activities.
The types of personal information we collect may differ depending on your relationship with us. The personal information we collect includes:
- in the case of the general public contacting our customer services wishing to make a complaint, provide feedback, submit an enquiry, request a call-back or request a product replacement - your full name, physical address, email address and/or phone number/s;
- in the case of the general community of supporters and subscribers who wish to be kept informed of our latest business news, promotions, events or products – your full name, physical address, email address and/or phone number/s;
- in the case of customers purchasing our products via our Website - your full name, physical address, email address, phone number/s and credit card details; and
- in the case of general users of our Website – your computer’s internet protocol (IP) address in order to collect aggregate information on how visitors are experiencing the Website and better adapt the Website to suit personal requirements.
Collection of Sensitive Information
Sensitive information is personal information that includes information about your:
- racial or ethnic origin;
- political opinions;
- membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of professional or trade associations or trade unions;
- sexual orientation or practices;
- criminal record;
- health; or
- biometric information.
Sensitive information has extra protection under the law. In general, we do not collect sensitive information about you. We will only collect this information if it is necessary to do so and you have consented to its collection, or otherwise in accordance with the Privacy Act.
For example, if you report a health concern or issue related to our products, we would ask you for details of any illness or injury you have suffered and other health related details.
We will not use or disclose your sensitive information other than as allowed by the law or with your consent.
Can you choose not to disclose your personal information?
If you contact us to make a general inquiry about our business or products, you do not have to identify yourself or provide any personal information unless you require us to get back in touch with you at a later stage or if you would like us to send you further information or
You can also notify us that you wish to deal with us by not identifying yourself or using a pseudonym. However, if we are not able to collect personal information about you we may not be able to provide you with the products, services, information or assistance you require.
For example, we will not be able to send you information about our products if you have not provided us with a valid email address or phone number.
How we collect your personal information
We collect personal information from you in the following ways:
- when you contact our customer services in person, via telephone or email;
- when you agree or sign up to a promotion, or to receive our newsletter or other marketing communications, updates and materials;
- when you complete your purchase order details in our online store;
- when you browse through our Website; and
- as otherwise required to manage our business.
We will only collect personal information by lawful and fair means and not in an unreasonably intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you. We may use third party service providers to collect and store personal information on our behalf. Where appropriate, we will request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.
How secure is my personal information?
We take reasonable steps to protect your personal information from misuse or unauthorised disclosure, including, where appropriate, limiting access to such information to internal employees on a need-to-know basis and using password-protected servers.
If you provide us with your credit card information, the information is encrypted using Secure Sockets Layer (SSL) technology and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
However, when submitting any personal information about yourself on the internet, it is important to note that internet security is not absolute. We take reasonable steps as required by the Privacy Act to ensure that our Website is protected from outside intrusion, and we encourage you to make sure your computer is adequately protected. If you post personal information on our Website, we will consider that you have consented to the collection of this information.
Use of your personal information
We will use your personal information for the primary purpose for which it was collected.
This will vary depending on the nature of your relationship with us, for example:
- in the case of the general public contacting our customer service function – the primary purpose would be to respond to your complaint, feedback, enquiry or to send you information or replacement products;
- in the case of our general community of supporters or subscribers – the primary purpose would be to keep you informed of our latest business news, direct marketing initiatives, promotions, events or products or to receive newsletters and updates;
- in the case of customers purchasing our products via our online store – the primary purpose would be to enable us to complete your order and to keep you informed of future online store promotions and direct marketing initiatives;
- in the case of general users of our Website – the primary purpose would be to identify specific machines in order to collect aggregate information on how visitors are experiencing the Website and better adapt the Website to suit personal requirements.
We will only use personal information beyond the primary purpose where it is related to that purpose, where you consent to the further use or where it is otherwise permitted by law.
Do we disclose your personal information to third parties?
When you provide your personal information to us it may be transferred to our service providers.
The types of persons and organisations to whom we may disclose your personal information include the following:
- organisations with whom we have arrangements or agreements for the purpose of promoting our products or services and any agents used by us in administering such arrangements or agreements;
- our employees, agents, logistics providers, contractors and external advisers who carry on our functions and activities or who assist us to carry on our functions and activities from time to time;
- organisations who are contracted by us to perform certain services, including to maintain our website;
- our legal advisors, when needed; and
- other parties to whom we are authorised or required by law to disclose information.
We will not sell or share your personal information with any other company for that company’s direct marketing services.
For clarity, we may share your personal information with our service providers who may use the personal information for direct marketing services on our behalf. However, we will not share your personal information with other companies for the purpose of those companies marketing their own products to you unless we specifically ask for and receive your permission to do so.
Do we transfer your personal information overseas?
From time to time, the third parties referred to in the section above may also be located overseas.
In particular, we may engage an overseas recipient to provide services to us such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of your personal information to that overseas provider.
By providing us with your personal information, you consent to the transfer of the information overseas and the storage of the information on overseas servers. You acknowledge that APP 8.1 will not apply to such disclosures.
For the avoidance of doubt, in the event that an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able to seek redress under, the Privacy Act.
Can you remove your personal information from our records?
If you do not wish to receive ongoing promotional news or information about our products and services, you can request to be withdrawn from our contact list or marketing database at any time by contacting us at firstname.lastname@example.org
Once you have made this request, we will remove your personal details and will no longer send you any direct marketing communications.
How long will we keep your personal information?
In general, we will retain and use your personal information to communicate with you indefinitely until you “opt out” of these communications by informing us that you no longer wish to receive such communications.
With regard to other personal information, such as credit card details, we will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
Accessing and amending your personal information
Under the Privacy Act you have rights to access and correct personal information that we hold.
You may request access to the personal information we hold about you and seek the correction of such information by contacting our customer services at email@example.com
Access to your information is generally a free service. Sometimes, we may ask that you send your request to us in writing to assist us. On occasion, if more detailed personal information is in our archives, a small fee may be charged to cover the cost of obtaining the information for you. We will inform you of any charges payable upon your request.
We aim to respond to requests for access to personal information within thirty (30) days.
The Privacy Act does permit us to deny you access to your personal information in certain circumstances, including if:
- there is current or pending litigation regarding the personal information;
- the request is frivolous;
- permitting access would be in breach of the law;
- providing the information would pose a threat to health or public safety; or
- providing the information would interfere with another person's privacy.
Any denial of a request for access to personal information will be accompanied by a written explanation setting out our reasons for doing so.
Where any information is not accurate, up-to-date or complete, you can request that the information be amended. We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
In some instances where it is not practical to update your personal information, we may choose to note your desired changes and place them together with the original personal information on our records.
Enquiries and Complaints
If you wish to access or correct your personal information, or if you have any concerns or enquiries about how we deal with your personal information, you should contact us at firstname.lastname@example.org
We take all complaints seriously and will respond to your complaint within a reasonable period.
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992