1.2 We are committed to protecting your personal information, and ensuring its privacy, accuracy and security. We handle your personal information in a responsible manner in accordance with the Privacy Act 1988 (Act) and the Australian Privacy Principles (APPs).
2 Personal information
2.1 ‘Personal information’ means:
- Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form.
2.2 ‘Sensitive information’ (a type of personal information), means:
- Information or an opinion about an individual’s race or ethnic origins, political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices, trade or professional associations and memberships, union membership, criminal record, health or genetic information or biometric information.
2.3 Sensitive information will be used by us only:
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
- With your consent; or where required or authorised by law.
3 How do we collect personal information?
3.1 We may collect your personal information from a range of sources, including from you, recruitment agencies, contractors, business partners and government agencies. For example, we may collect your personal information when you request or acquire a product or service from us, provide a service or product to us, apply for employment with us or communicate with us via our website to request information about our products and services, by e-mail, telephone or in writing.
3.2 When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
4 What types of personal information do we collect and hold?
4.1 The kinds of personal information we collect and hold will depend on how you engage with us. It may include names, addresses, e-mail addresses, date of birth, phone numbers, payment details (for as long as required to complete a PEMS transaction), occupation and employment details and other information to assist us in conducting our business, and providing and marketing our products and services.
4.2 For our own internal uses we may store your information securely including your title, name, number plate details in our internal CRM back-end system but we don’t pass this information to anyone outside the organisation.
5 Why do we collect and how do we use personal information?
5.1 We collect the personal information:
- necessary for us to provide you with the products and services you have requested from us;
- for marketing purposes and to provide you with information about products and services that may be of interest to you;
- to improve the products and services we provide;
- and to enable us to conduct our business, including meeting our legal and regulatory obligations.
5.2 We use personal information we collect for reasons which may include the following:
- to communicate with you and provide you with information, products or services you have requested;
- to manage and administer any account you may hold with us;
- to help us research the needs of our customers and to market our products and services with a better understanding of your needs and the needs of customers generally;
- to conduct research for the purposes of improving existing products or services or creating new products or services;
- to process any job application submitted by you;
6 Collection of other information
6.1 If you visit our website, some of the information we collect about your visit to our website is not personal information because it does not reveal your identity. Information of this nature can include:
- Site visit information: general information about your visit which may include your IP or MAC address, server address, the date and time of your visit, the pages you accessed, the information you downloaded and the type of Internet browser you used. We may use this information in anonymous, aggregated form, for statistical purposes only, to assist us in improving the quality and usability of our website.
- Cookies: small strings of information that a website transfers to your browser for identification purposes. When you browse our website, cookies will be placed on your computer so that we can understand what you are interested in. The cookies we use may identify individual users. We may use both session and persistent cookies. This information may be used to personalise your current visit to our website. Upon closing your browser, the session cookie is destroyed. Most Internet browsers can be set to accept or reject cookies. If you do not want to accept cookies, you can adjust your Internet browser to reject cookies or to notify you when they are being used. However, rejecting cookies may limit the functionality of our website.
- Analytics: From time to time, we use data provided by a trusted third-party analytics platform to help us understand the usage habits of users and members. Our analytics provider doesn’t identify you personally or associate your IP address with any other data held by third party platforms or cloud-based services. We only provide our analytics provider with our information, which doesn’t contain any identifiable personal information. Outside of our systems, this information provided can’t be attached to any particular member or user.
7 Direct marketing
7.1 From time to time, we may use personal information to inform our customers, prospective customers and other persons with whom we interact about our products and services, or about special offers, promotions and events that we think may be of interest to you.
7.2 We may provide this information using any contact number or address provided by you. We will generally give you the opportunity to express a wish not to receive direct marketing communications. Your consent to receive direct marketing communications in the above ways will be deemed if you do not opt out when we offer you the opportunity to do so, and will remain current for an indefinite period of time unless and until you advise us otherwise. You can opt-out of receiving direct marketing at any time by contacting us or by unsubscribing via the relevant marketing communication.
7.3 We generally will not disclose personal information to external organisations for the purposes of allowing them to direct market their products to you.
8 How we deal with unsolicited personal information?
8.1 If we receive personal information about you that we have not requested, and we determine that we could not have lawfully collected that information under the APPs had we asked for it, we will destroy or de-identify the information if it is lawful and reasonable to do so.
9 Third Parties
9.1 Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such cases we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
10 Disclosure of Personal Information
10.1 Your Personal Information may be disclosed in a number of circumstances including the following:
- Third parties where you consent to the use or disclosure; and
- Where required or authorised by law.
11 Security of Personal Information
11.1 We have procedures and security features in place to keep your personal information secure once we receive it. Your personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. Some of the ways we protect your personal information include:
- external and internal premises security;
- restricting access to personal information only to staff who need it to perform their day to day functions;
- maintaining technology products preventing unauthorised computer access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls and anti-virus software; and
- maintaining physical security over paper records.
11.2 When your personal information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal information. However, most of the personal information is or will be stored in client files which will be kept by us for a minimum of 7 years.
1.3 Card payments
- If you choose a direct payment gateway to complete your transaction, then your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete the transaction. After that is complete, your purchase transaction information is deleted.
- All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
12 Do you have to disclose your identity when dealing with us?
12.1 Where lawful and practicable, we will give you the option of interacting with us anonymously or using a pseudonym. However, it may be impracticable to deal with you or your organisation’s personnel on an anonymous basis when providing our products and services.
13.1 You may request access to the personal information we hold about you by contacting us. We will respond to your request within a reasonable time. We will provide you with access to the information we hold about you unless otherwise permitted or required by law.
13.2 If we deny you access to the information, we will notify you of the basis for the denial unless an exception applies. Where reasonable and practicable, we will provide access to the information we hold about you in the manner you request. No fee applies for requesting access to information we hold about you. However, we reserve the right to charge a reasonable fee where we do provide access.
14.1 If you believe that personal information we hold about you is incorrect, incomplete or not current, you may request that we update or correct your information by contacting us.
14.2 We will deal with your request within a reasonable time. If we do not agree with the corrections you have requested (for example, because we consider that the information is already accurate, up to date, complete, relevant and not misleading), we are not required to make the corrections. However, where we refuse to do so, we will give you a written notice setting out the reasons.
15.1 If you have a complaint in relation to the collection, storage, use or disclosure of your personal information, please contact our Privacy Officer using the details below. You will need to provide us with details of your complaint, as well as any supporting evidence and information.
15.2 We will review all complaints received and our Privacy Officer will respond to you. If you are not satisfied with our response, you may discuss your concerns with or complain to the Australian Privacy Commissioner via www.oaic.gov.au
16.2 Any revised policy will be placed on our website at http://duncansolutions.com.au/about-us/privacy-policy/.
17 How to contact us
17.1 If you:
- wish to make a complaint in relation to a breach of your privacy;
- would like to access your Personal Information held by us; or
- would like to correct your Personal Information held by us,
Please contact Duncan Solutions’ Privacy Officer by writing to: Privacy Officer, Duncan Solutions, 15/39 Herbert Street, St Leonards, NSW, 2065 or by email at firstname.lastname@example.org.