This Policy was last revised on 11 NOVEMBER 2021
1 Your Privacy
This Policy will be updated from time to time. You should review this Policy each time you provide us with Personal Information.
This Policy does not create any rights or obligations that you can legally enforce against us beyond the rights and obligations provided under the Act.
If you would like further information on this Policy, if you have any concerns over the protection of the information you have given to us or that we have collected from others, or if you would like to gain access to your Personal Information or correct or update your Personal Information, please contact our Privacy Officer:
The Privacy Officer
Phone: +61 7 3220 1435
2 What is Personal Information?
Under the Act, Personal Information is defined to mean information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
3 Collecting Personal Information
We will collect Personal Information by lawful and fair means and not in an unreasonably intrusive manner.
Information may be collected from you, from third parties (e.g. third party service providers whom provide us services or whom engage with us on your behalf), from publicly available sources of information or public records.
Where practicable, we will inform you of the purpose for which we are collecting Personal Information and will collect Personal Information about you only from you, from a person authorised to act on your behalf, or with your authorisation.
4 What Personal Information we may collect
We may collect the following type of Personal Information from you:
(a) contact information including your name, email address, facsimile number, telephone numbers, residential or business address(es) and other details;
(b) identification information including your name, date of birth, current or previous residential or business address(es), and driver's licence number;
(c) information provided when you send an email or other communication to us;
(d) information provided when logging onto our websites, mobile applications, or other services;
(e) information recorded by our server which is sent by your browser or device when it connects to our server. The information provided may include your Internet Protocol (IP) address, cookies, and your browser and device type and language; and
(f) any other information you provide us.
5 Why we collect and use your Personal Information
We may collect, hold, use, and disclose, Personal Information to:
(a) provide you and others with services;
(b) verify other Personal Information we may hold from or about you;
(c) inform you of additional products, services or information which may be of interest to you;
(d) provide your contact details to our partners who have agreed to provide you with any offers, goods or services (if any);
(e) develop existing and new products and services;
(f) maintain and update our business infrastructure and systems;
(g) promote and advertise our business, products and services;
(h) for security and occupational health and safety purposes;
(i) for internal management and administrative purposes; and / or
(j) comply with any applicable law, regulation, legal process or governmental request.
If we do not collect the Personal Information we may not be able to provide you with particular products, services, offers or assistance you have requested.
We will not use your Personal Information for a purpose other than the primary purpose for which it is collected, unless we have obtained your consent to do so, or the secondary purpose is related to the primary purpose (e.g. further correspondence from us regarding new products or services related to products and services you have previously obtained from us), or we are compelled by law.
6 Marketing and advertising
If you have given your consent to receive marketing communication and newsletters, we will use your Personal Information to send you marketing communications/newsletters by e-mail and/or short message service (SMS).
We may use and disclose your Personal Information to provide you with information about products or services offered by us or other parties.
At any time, if you no longer wish to receive any additional marketing material from us, contact our Privacy Officer in writing and your details will be removed from the marketing database.
Please note that we will only use your Personal Information for sending marketing material if we have previously obtained your explicit consent, unless the law allows us to contact you without consent. In this case, we will only use your Personal Information for legitimate marketing purposes only.
We do not keep your Personal Information for any particular period of time, unless we are required to by law.
7 Disclosure of your Personal Information
We may disclose your Personal Information to our subsidiaries and other companies related to or associated with us for the purposes described above.
We may also disclose any Personal Information we receive (as we deem necessary in our sole discretion) to comply with any applicable law, regulation, legal process or governmental request.
Persons accessing your Personal Information may include our own and our contractor's affiliates (e.g. employees, agents, consultants, insurers, other advisers etc.), our subsidiaries, advertisers, our partners (who offer services, promotions and products from time to time) and affiliated companies. Some of these people may be located in countries outside Australia.
8 Integrity of Personal Information
We endeavour to ensure that all Personal Information that we hold is accurate, complete and up-to-date. To assist us with this, individuals should contact us if any of their Personal Information changes, or if they believe that the Personal Information that we have is not accurate or complete.
When Personal Information that we collect is no longer required by us, we will destroy or de-identify that Personal Information unless we are required by a law or a court/tribunal to retain the Personal Information.
We may retain Personal Information for so long as it is required for any of our business purposes, for the prevention of fraud, for insurance and governance purposes and in our ordinary back-ups and archival records.
9 Security of Personal Information
We store your Personal Information in different ways, including in paper and in electronic form. The security of your Personal Information is important to us, and take reasonable steps to protect your Personal Information from misuse, loss, unauthorised access, modification or disclosure.
However, the open nature of the Internet is such that information exchanged via the Internet may be accessed and used by people other than those for whom the data is intended. Any Personal Information is therefore sent via the Internet or email at your own risk. You should also be aware that no system is completely secure against an attack by malicious actors.
You should contact us immediately if you believe that there has been unauthorised access or disclosure with respect to any Personal Information that we hold about you.
10 Access to Personal Information
You are entitled to have access to and seek correction of any Personal Information that we may hold about you, subject to the grounds for refusal under the Act, by making a written request. Such requests should be addressed to our Privacy Officer via the details provided in this Policy.
We will take appropriate steps to verify your identity (or verify that you act as an authorised agent of the individual concerned) before granting access to your Personal Information.
We do not impose any charge for requesting access to Personal Information however we may, at our discretion, impose a reasonable charge for giving access to cover staff and copying costs.
We do not impose any charges with respect to requests to update or correct your Personal Information.
Accessing your Personal Information
We will respond to your request for access to your Personal Information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. If we deny your request, we will provide you with a written notice detailing reasons for the refusal and the process for making a complaint about the refusal to grant your request.
Where your request for access is accepted, we will provide you with access to your Personal Information in a manner, as requested by you, providing it is reasonable to do so.
Correcting your Personal Information
Your request for correction will be dealt with within 30 days, or such longer period as agreed by you. If we deny your request, we will provide you with a written notice detailing reasons for the refusal and the process for making a complaint about the refusal to grant your request.
We will accept your request for correction of your Personal Information if we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading.
Upon accepting a request for correction of your Personal Information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your Personal Information.
If we refuse to correct your Personal Information you have the right to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will take such steps as are reasonable in the circumstances to associate that statement with all records we hold that contain the relevant information.
By providing us with Personal Information, you consent to:
(a) our maintaining, using and disclosing your Personal Information in the way described in this Policy; and.
(b) any disclosure of your Personal Information by us overseas on the understanding that if the overseas recipient handles the Personal Information in breach of theAPPs, the entity will not be accountable under the Act, and you will not be able to seek redress under the Act. The overseas recipient may not be subject to privacy obligations or any principles similar to theAPPs. Individuals may not be able to seek redress in some overseas jurisdictions, and overseas recipients may be subject to a foreign law that could compel the disclosure of Personal Information to a third party such as an overseas authority.
12 Notifiable data breaches
We will notify you and the Office of the Australian Information Commissioner about any data breach that is likely to result in serious harm to you. There are exceptions where notification is not required, for example where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals, or where there is another party who has the more direct relationship with you and it is more appropriate to provide that other party with that notice.
13 Privacy Related Complaint
If you believe that we have breached the Act you may make a complaint. A written complaint can be emailed or posted to our Privacy Officer using the contact details set out above. Please include your contact details for us to contact you regarding your complaint.
Our Privacy Officer will consider your complaint and respond as soon as reasonably possible, but not more than 30 days from receiving the complaint.
If you are unsatisfied with the outcome of your complaint you may refer your complaint to the Office of the Australian Information Commissioner.
15 Further information
If you would like further information regarding your privacy rights, please contact the Office of the Australian Information Commissioner.
GPO Box 528
Sydney NSW 2001
Phone: 1300 363 992
Facsimile: +61 2 9284 9666