1.3We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information we collect. Our commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APPs). The APPs set out the way that personal information must be treated.
1.6This policy applies to personal information. In broad terms, ‘personal information’ is information or opinions relating to a particular individual who can be identified.
1.7Information is not personal information where the information cannot be linked to an identifiable individual.
2. HOW DO WE MANAGE THE PERSONAL INFORMATION WE COLLECT?
2.2Subject to our professional obligations, we will take reasonable steps to destroy or de-identify personal information as soon as possible after that information is no longer needed for the purposes for which we are authorised to use it and usually within a maximum of seven years from collection, unless the law requires otherwise.
2.3In limited circumstances it may be possible for you to use a pseudonym or remain anonymous when dealing with us. If you want to use a pseudonym or remain anonymous when dealing with us, you should notify us when making first enquiries or providing initial instructions. We will use our best endeavours to accommodate your request, subject to our ability to provide the products and perform the services for you without using your name.
3. WHAT KINDS OF INFORMATION DO WE COLLECT AND HOLD?
3.1The personal information we may collect and hold about you differs, depending on whether you are a sole trader customer of Conversify, an employee of a business that engages us, a client of a business that engages us (Contact), a service provider, contractor, agent (and their employees) or a prospective employee or a prospective service provider or a prospective contractor, but may include:
(d) your business name;
(e) financial and credit information;
(f) information in publicly available company records about you;
3.2Sensitive information’ is a subset of personal information and includes personal information that may have serious ramifications for the individual concerned if used inappropriately.
3.3Generally, we do not collect sensitive information about our customers, their employees, or Contacts.
3.4However, we may collect sensitive information if it is relevant in providing you with our products and services or engaging you, which may include any of the following:
3.5We will not collect sensitive information without the individual’s consent to which the information relates unless permitted under the Privacy Act.
4. HOW AND WHEN DO WE COLLECT PERSONAL INFORMATION?
4.1Our usual approach to collecting personal information is to collect it directly from the individual concerned through:
4.2We may also collect personal information in other ways, such as:
(c) through referrals from individuals or other entities;
(i) from third party providers, suppliers and creditors.
5. HOW DO WE HOLD PERSONAL INFORMATION?
5.1Our usual approach to holding personal information includes holding that personal information:
5.2We secure the personal information we hold in numerous ways, including:
6. WHY DO WE COLLECT, HOLD, USE OR DISCLOSE PERSONAL INFORMATION?
6.1We take reasonable steps to use and disclose personal information for the primary purpose for which we collect it. The primary purpose for which information is collected varies, depending on the particular service being provided and the individual from whom we are collecting the information but is generally as follows:
6.2Personal information may also be used or disclosed by us for secondary purposes that are within an individual’s reasonable expectations and that are related to the primary purpose of collection.
6.3We may also collect and use the personal information of our sole trading customers, the employees of the businesses that engage us and Contacts:
6.4We may collect and use the personal information of our contractors, service providers and agents:
6.5We may disclose personal information to:
6.6Otherwise, we will only disclose personal information to third parties if permitted by the Privacy Act.
7. DIRECT MARKETING
7.1We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.
7.2In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see details below), or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
8. WILL WE DISCLOSE PERSONAL INFORMATION OUTSIDE AUSTRALIA?
8.1We generally do not disclose personal information outside of Australia.
8.2Your personal information will not be disclosed to overseas recipients unless we are satisfied that the recipient is subject to privacy protection laws that offer substantially similar levels of protection as those required under the Australian Privacy Principles or if we have taken reasonable steps to ensure this personal information is handled in a safe and secure manner and that overseas entity is aware of the obligations relating to the information under the APPs.
9. HOW DO WE MANAGE YOUR CREDIT INFORMATION?
What kinds of credit information may we collect?
9.1We generally do not collect credit information about Contacts, our contractors, service providers, agents and their employees or prospective contractors, prospective service providers or prospective employees.
9.2However, in the course of providing our products and services to a customer, we may collect and hold the following kinds of credit information about our sole trader customers:
9.3In some limited circumstances, we may incidentally obtain credit information about Contacts from the businesses that engage us.
How and when do we collect credit information?
9.4In most cases, we will only collect credit information directly from a sole trader customer.
9.5Other sources we may collect credit information from include:
9.6We do not collect or hold credit information from credit reporting bodies
How do we store and hold the credit information?
9.7We store and hold credit information in the same manner as outlined in section 5 of this policy.
Why do we collect the credit information?
9.8Our usual purpose for collecting, holding, using and disclosing credit information about you is to enable us to provide you with our products and services.
9.9We may also collect the credit information to:
9.9We may also collect the credit information to:
Overseas disclosure of the credit information
9.10We generally do not disclose credit information overseas but we may engage software providers that store information in public clouds with data centres located overseas. We have outlined this in detail in section 8 of this policy
How can I access my credit information, correct errors or make a complaint?
9.11You can access and correct your credit information, or complain about a breach of your privacy in the manner set out in section 11 of this policy.
10. HOW DO WE HANDLE DATA BREACHES?
10.1A data breach occurs when personal information is lost or subjected to unauthorised access, use, modification or disclosure or other misuse or interference.
10.2We have implemented a data breach response plan to assist us to effectively contain, evaluate and respond to data breaches in order to mitigate potential harm to any persons affected by a data breach.
10.3In summary, our data breach response plan:
10.4We will generally notify you if we reasonably believe that your personal information has been subjected to a data breach if:
10.5We will also notify the Privacy Commissioner if we reasonably believe that your personal information has been subjected to a data breach that is likely to result in serious harm to you.
10.6Where appropriate, we may also notify other third parties of a data breach.
11. HOW DO YOU MAKE COMPLAINTS OR ACCESS AND CORRECT YOUR PERSONAL OR CREDIT INFORMATION?
11.1It is important that the information we hold about you is up-to-date. You should contact us if your personal information changes.
Access to information and correcting personal information
11.2In the case of Contacts –
11.3It is important that the information we hold about you is up-to-date. You should contact us if your personal information changes.
11.4We may charge a fee for reasonable costs incurred in responding to any access request. The fee (if any) will be disclosed before it is levied.
11.5If the personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.
11.6If you want to complain about an interference with your privacy, you must follow the following process:
Who to contact
11.7A person may make a complaint or request to access or correct personal information about them held by us. Such a request must be made in writing to the following address:
Postal Address: 61 Southgate Avenue Cannon Hill QLD 4170
Telephone number: 07 3902 7700
Email address: firstname.lastname@example.org
12. CHANGES TO THE POLICY
12.2This policy is effective from August 2018. If you have any comments on the policy, please contact our privacy officer using the contact details in section 11 of this policy.