1. INTRODUCTION

1.1Conversify Pty Ltd ACN 158 248 063 (Conversify) offers a range of products and services relating to communication, design, printing, recruitment, marketing, brand compliance, mail services and data intelligence in Australia.

1.2In the course of our business in Australia, we collect personal information. This privacy policy has been developed to ensure that such information is handled appropriately.

1.3We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information we collect. Our commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APPs). The APPs set out the way that personal information must be treated.

1.4This privacy policy also incorporates our policy on managing credit information (see particularly section 9 onwards).

Who does the privacy policy apply to?

1.5This privacy policy also incorporates our policy on managing credit information (see particularly section 9 onwards).

What information does the privacy policy apply to?

1.6This policy applies to personal information. In broad terms, ‘personal information’ is information or opinions relating to a particular individual who can be identified.

1.7Information is not personal information where the information cannot be linked to an identifiable individual.

2. HOW DO WE MANAGE THE PERSONAL INFORMATION WE COLLECT?

2.1We manage the personal information we collect in numerous ways, such as by:
(a)   implementing procedures for identifying and managing privacy risks;
(b)  implementing security systems for protecting personal information from misuse, interference and loss from unauthorised access, modification or disclosure such as by storing paper and electronic records in facilities that are only accessible by staff members who have a genuine ‘need to know’ as well as ‘right to know’;
(c)   providing staff with training on privacy issues;
(d)   appropriately supervising staff who regularly handle personal information;
(e)   implementing mechanisms to ensure any agents, contractors or service providers who deal with us comply with the APPs;
(f)   implementing procedures for identifying and reporting privacy breaches and for receiving and responding to complaints; and
(g)   appointing a privacy officer within the business to monitor privacy compliance.

2.2Subject to our professional obligations, we will take reasonable steps to destroy or de-identify personal information as soon as possible after that information is no longer needed for the purposes for which we are authorised to use it and usually within a maximum of seven years from collection, unless the law requires otherwise.

2.3In limited circumstances it may be possible for you to use a pseudonym or remain anonymous when dealing with us. If you want to use a pseudonym or remain anonymous when dealing with us, you should notify us when making first enquiries or providing initial instructions. We will use our best endeavours to accommodate your request, subject to our ability to provide the products and perform the services for you without using your name.

3. WHAT KINDS OF INFORMATION DO WE COLLECT AND HOLD?

3.1The personal information we may collect and hold about you differs, depending on whether you are a sole trader customer of Conversify, an employee of a business that engages us, a client of a business that engages us (Contact), a service provider, contractor, agent (and their employees) or a prospective employee or a prospective service provider or a prospective contractor, but may include:

(a)   sensitive information (see below);
(b)  your contact details, including your name, address, telephone number and/or email address;
(c)   information we may require to verify your identity, including your date and place of birth;

(d)   your business name;

(e)   financial and credit information;

(f)   information in publicly available company records about you;

(g)   employment arrangements and history;
(h)   insurance information;
(i)   banking details; and
(j)   any other personal information required to provide our products and services to you or engage you.

 

Sensitive information

3.2Sensitive information’ is a subset of personal information and includes personal information that may have serious ramifications for the individual concerned if used inappropriately.

3.3Generally, we do not collect sensitive information about our customers, their employees, or Contacts.

3.4However, we may collect sensitive information if it is relevant in providing you with our products and services or engaging you, which may include any of the following:

(a)   health information;
(b)   racial or ethnic origin;
(c)   criminal history;
(d)   membership of professional or trade associations; and
(e)   membership of trade unions.

3.5We will not collect sensitive information without the individual’s consent to which the information relates unless permitted under the Privacy Act.

4. HOW AND WHEN DO WE COLLECT PERSONAL INFORMATION?

4.1Our usual approach to collecting personal information is to collect it directly from the individual concerned through:

(a)   forms (both paper and online, electronic forms);
(b)   face to face meetings;
(c)   communications via telephone, email or facsimile;
(d)   interaction with our websites; and
(d)   via our social media accounts.

4.2We may also collect personal information in other ways, such as:

(a)   from paid search providers and public registers;
(b)   when our customers provide their contact lists or integrate their products or services with our platforms or online services;

(c)   through referrals from individuals or other entities;

(d)   from your other advisers;
(e)   from our related entities;
(f)   from banks and financial institutions;
(g)   from other credit providers;
(h)   through direct marketing and business development events; and

(i)   from third party providers, suppliers and creditors.

5. HOW DO WE HOLD PERSONAL INFORMATION?

5.1Our usual approach to holding personal information includes holding that personal information:

(a)   physically, at our premises; and
(b)   electronically:
(i)   on secure online servers;
(ii)   on a private cloud; and
(iii)   with a third party data storage provider;

5.2We secure the personal information we hold in numerous ways, including:

(a)   using security systems to limit access to premises outside of business hours;
(b)   using secure servers to store personal information;
(c)   using unique usernames, passwords and other protections on systems that can access personal information; and
(d)   holding certain sensitive documents securely.

6. WHY DO WE COLLECT, HOLD, USE OR DISCLOSE PERSONAL INFORMATION?

6.1We take reasonable steps to use and disclose personal information for the primary purpose for which we collect it. The primary purpose for which information is collected varies, depending on the particular service being provided and the individual from whom we are collecting the information but is generally as follows:

(a)   in the case of sole trading customers and the employees of businesses that engage us – to provide you with our products and services and to manage our contractual relationships;
(b)   in the case of Contacts – to provide our products and services to our customers;
(c)   in the case of contractors, service providers and agents – to assist us in providing our products and services to our customers;
(d)   in the case of potential employees and potential service providers and potential contractors – to assess your suitability for employment or engagement.

 

6.2Personal information may also be used or disclosed by us for secondary purposes that are within an individual’s reasonable expectations and that are related to the primary purpose of collection.

6.3We may also collect and use the personal information of our sole trading customers, the employees of the businesses that engage us and Contacts:

(a)   to assess eligibility for credit;
(b)   to keep records of transactions to assist in future enquiries;
(c)   to provide support and respond to enquiries from you about our products and services;
(d)   to enhance our customer relationship with you;
(e)   to verify your identity;
(f)   to provide updates and alerts that are relevant to our customers;
(g)   to improve our products and services;
(h)   send special offers in relation to our services;
(i)   to refer our customers to other advisers;
(j)   to invite you to events; and
(k)   to enforce compliance with our terms of engagement and use;
(l)   to comply with the law.

6.4We may collect and use the personal information of our contractors, service providers and agents:

(a)  to conduct checks to ensure that the contractor, service provider, agent or prospective employee, contractor and service provider can perform and is performing the services and delivering the products to our standards; and
(b)  for payment purposes.

6.5We may disclose personal information to:

(a)   contractors, service providers and agents including third party technology providers we engage from time to time, such as our data storage providers and email filter providers
(b)   employers of individuals;
(c)  government bodies (such as WorkCover, Centrelink, the Australian Taxation Office, police departments, workplace health and safety authorities);
(d)   your advisors or other service providers or referral partners in the course of providing our products and services to you, or to assist our functions or activities (such as advisers and public relation firms);
(e)   our external auditors;
(f)   our related entities; and
(g)  insurance providers and brokers.

6.6Otherwise, we will only disclose personal information to third parties if permitted by the Privacy Act.

7. DIRECT MARKETING

7.1We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.

7.2In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see details below), or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.

8. WILL WE DISCLOSE PERSONAL INFORMATION OUTSIDE AUSTRALIA?

8.1We generally do not disclose personal information outside of Australia.

8.2Your personal information will not be disclosed to overseas recipients unless we are satisfied that the recipient is subject to privacy protection laws that offer substantially similar levels of protection as those required under the Australian Privacy Principles or if we have taken reasonable steps to ensure this personal information is handled in a safe and secure manner and that overseas entity is aware of the obligations relating to the information under the APPs.

9. HOW DO WE MANAGE YOUR CREDIT INFORMATION?

What kinds of credit information may we collect?

9.1We generally do not collect credit information about Contacts, our contractors, service providers, agents and their employees or prospective contractors, prospective service providers or prospective employees.

9.2However, in the course of providing our products and services to a customer, we may collect and hold the following kinds of credit information about our sole trader customers:

(a)   identification information;
(b)   information about any credit that has been provided;
(c)   their repayment history;
(d)   information about overdue payments;
(e)   the terms and conditions of credit arrangements with us;
(f)   if any court proceedings have been initiated against them in relation to your credit activities;
(g)   information about any bankruptcy or debt agreements involving them;
(h)   any publicly available information about their credit worthiness; and
(i)   any information about whether they may have fraudulently or otherwise committed a serious credit infringement.

9.3In some limited circumstances, we may incidentally obtain credit information about Contacts from the businesses that engage us.

How and when do we collect credit information?

9.4In most cases, we will only collect credit information directly from a sole trader customer.

9.5Other sources we may collect credit information from include:

(a)   our related entities;
(b)   ASIC;
(c)   Regulatory bodies;
(d)   other individuals and entities via referrals;
(e)   the businesses that engage us;
(f)   banks and other credit providers;
(g)   your suppliers and creditors; and
(h)   our contractors, service providers and agents.

9.6We do not collect or hold credit information from credit reporting bodies

How do we store and hold the credit information?

9.7We store and hold credit information in the same manner as outlined in section 5 of this policy.

Why do we collect the credit information?

9.8Our usual purpose for collecting, holding, using and disclosing credit information about you is to enable us to provide you with our products and services.

9.9We may also collect the credit information to:

(a)   process payments; and
(b)   assess eligibility for credit.

9.9We may also collect the credit information to:

Overseas disclosure of the credit information

9.10We generally do not disclose credit information overseas but we may engage software providers that store information in public clouds with data centres located overseas. We have outlined this in detail in section 8 of this policy

How can I access my credit information, correct errors or make a complaint?

9.11You can access and correct your credit information, or complain about a breach of your privacy in the manner set out in section 11 of this policy.

10. HOW DO WE HANDLE DATA BREACHES?

10.1A data breach occurs when personal information is lost or subjected to unauthorised access, use, modification or disclosure or other misuse or interference.

10.2We have implemented a data breach response plan to assist us to effectively contain, evaluate and respond to data breaches in order to mitigate potential harm to any persons affected by a data breach.

10.3In summary, our data breach response plan:

(a)   directs our staff as to the steps they should take in the event of an actual or suspected data breach;
(b)   appoints a team to handle data breaches;
(c)   sets out the process for notifying any affected persons, the Privacy Commissioner and other relevant parties; and
(d)   information about overdue payments;
(e)   outlines the review process to help prevent data breaches in the future.

10.4We will generally notify you if we reasonably believe that your personal information has been subjected to a data breach if:

(a)   there is a risk of serious harm to you;
(b)   notification could enable you to avoid or mitigate serious harm;
(c) the compromised personal information is sensitive or likely to cause humiliation or embarrassment to you; or
(d)   we are required to notify you by law.

10.5We will also notify the Privacy Commissioner if we reasonably believe that your personal information has been subjected to a data breach that is likely to result in serious harm to you.

10.6Where appropriate, we may also notify other third parties of a data breach.

11. HOW DO YOU MAKE COMPLAINTS OR ACCESS AND CORRECT YOUR PERSONAL OR CREDIT INFORMATION?

11.1It is important that the information we hold about you is up-to-date. You should contact us if your personal information changes.

Access to information and correcting personal information

11.2In the case of Contacts –

(a)   We usually only incidentally collect your personal information in the course of providing products and services to the businesses that engage us. If you would like to request access to the personal information held by us or to ask for your personal information to be corrected, you should contact the relevant business that you originally provided your personal information to and refer to their privacy policy. If you do not receive a response then we will deal with your request in accordance with the remainder of this clause 11.
(b)   If you no longer want to be contacted through our services by one of the businesses that engages us, please unsubscribe directly from that business’ mailing list or contact the business directly to update or delete your data. If you contact us directly, we may remove or update your information within a reasonable time and after providing notice to the relevant business of your request.

11.3It is important that the information we hold about you is up-to-date. You should contact us if your personal information changes.

(a)   You may request access to the personal information held by us or ask us for your personal information to be corrected by using the contact details in this section.
(b)   We will grant you access to your personal information as soon as possible, subject to the request circumstances.
(c)   In keeping with our commitment to protect the privacy of personal information, we may not disclose personal information to you without proof of identity.
(d)   We may deny access to personal information if:
(i)   the request is unreasonable;
(ii)  providing access would have an unreasonable impact on the privacy of another person;
(iii) providing access would pose a serious and imminent threat to the life or health of any person; or
(iv) there are other legal grounds to deny the request.

11.4We may charge a fee for reasonable costs incurred in responding to any access request. The fee (if any) will be disclosed before it is levied.

11.5If the personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.

Complaints

11.6If you want to complain about an interference with your privacy, you must follow the following process:

(a)   In the case of Contacts – we usually only incidentally collect your personal information in the course of providing products and services to the businesses that engage us. If you would like to complain about an interference with your privacy, you should contact the relevant business that you originally provided your personal information to and refer to their privacy policy. If you do not receive a response within a reasonable time then we will deal with your complaint in accordance with the remainder of this clause 11.
(b)   In the case of individuals that we collect personal information from other than Contacts:
(i)   complaint must first be made to us in writing, using the contact details in this section. We will have a reasonable time to respond to the complaint.
(ii)  If the privacy issue cannot be resolved, you may take your complaint to the Office of the Australian Information Commissioner.

Who to contact

11.7A person may make a complaint or request to access or correct personal information about them held by us. Such a request must be made in writing to the following address:

Privacy Officer:

Postal Address:    61 Southgate Avenue Cannon Hill QLD 4170

Telephone number:    07 3902 7700

Email address:    info@gji.com.au

12. CHANGES TO THE POLICY

12.1We may update, modify or remove this policy at any time without prior notice. Any changes to the privacy policy will be published on our website.

12.2This policy is effective from August 2018. If you have any comments on the policy, please contact our privacy officer using the contact details in section 11 of this policy.

HEW10204620 3463-5648-4875v2