Privacy Policy SM8A
Safety Mates Australia
Operations Management System
Privacy Policy
Contents
1. Policy Statement
2. Introduction
3. Scope
4. General
1. Personal information
2. Sensitive Information
3. Collection of your personal information
4. Anonymity and Pseudonymity
5. Identifiers
6. Use and disclosure of your personal information
7. The types of organisations to which we may disclose your personal information
8. Cookies
9. Cross Border Disclosure
10. Data quality and security
11. Notifiable Data Breaches
12. Storage of personal information
13. Access to and correction of your personal information
14. Consent
15. Resolving Privacy Complaints
1. Policy Statement
The Information Privacy Act 2009 (Qld) sets out 13 Australian Privacy Principles (APPs) which regulate how Safety Mates Australia collects, stores, provides access to, uses and discloses personal information. The Act enforces the APPs with a statutory based complaints scheme which can include the award of compensation for privacy breaches in certain circumstances.
Safety Mates Australia is committed to the objectives of the Information Privacy Act 2009. This policy is based on the following principles:
1. The business supports responsible and transparent handling of personal information;
2. The business respects an individual's right to know how their personal information will be collected, used, disclosed, stored and disposed of; and
3. Adequate privacy protection is a necessary condition for the business and its associated entities to participate in e-communications and e-transactions.
Personal information will be collected, stored, used and disclosed in accordance with the procedures.
2. Introduction
Safety Mates Australia is committed to safeguarding our member’s privacy and ensuring the confidentiality and security of the personal information we may collect from you.
To comply with legal requirements and to ensure operational needs can be discharged effectively, it is necessary for us to collect certain personal information from members and other individuals and organisations we associate with.
At the minimum, this may include information such as names, and contact details. Additional information may be required, depending on the nature of your relationship with Safety Mates Australia.
We will only use or disclose your personal information for the primary purpose it was collected for, unless you have consented to the information being used for a secondary purpose.
The Business takes all reasonable measures to protect personal information from loss, unauthorised access, destruction, misuse, modification or disclosure.
If the unauthorised use of personal information is identified, Safety Mates Australia will take all practicable steps to ensure that the breach is notified to the individuals in question, including actions taken to contain the breach. The breach shall also be reported to relevant entities such as the Office of the Information Commissioner, as prescribed by the Australian Privacy Principals.
3. Scope
The Privacy Policy applies to personal information collected by Safety Mates Australia. The business is an applicable organisation under the Privacy Act 1988 (Cth). This act governs the way our entities collect, use, keep secure and disclose personal information.
This Policy outlines how the business will comply with the Australian Privacy Principles (APP’s), including:
· Information we collect;
· How and when we collect personal information;
· How we use and disclose personal information;
· How we keep personal information secure, accurate and up-to-date;
· How an individual can access and correct their personal information;
· Changes to the Privacy Policy;
· How to contact us; and
· How we will facilitate or resolve a privacy complaint.
We recommend that you read and understand the Privacy Policy and keep it for future reference. The Policy is subject to change and Safety Mates Australia encourages its members to review the Policy periodically. If you require any clarification, you can contact us on the address at the end of the document.
4. General
1. Personal information
What is Personal Information?
(a) Personal information is defined under the Privacy Act 1988 to mean “information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is reasonably identifiable, from the information or opinion”.
(b) Some examples of personal information are your name, residential address, email address, bank details, photos and opinions on your likes and dislikes that can identify you.
2. Sensitive Information
What is Sensitive Information?
(a) Sensitive information is a subset of personal information.
(b) It means “information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates”.
Collection of Sensitive Information
(a) In general, we attempt to limit the collection of sensitive information we may collect from our members, this largely depends on the use you make of our products or our relationship with you, this may not always be possible and we may collect sensitive information from you in order to carry out services provided to you.
(b) The type of sensitive information we may collect from you or record about you is dependent on your relationship with the business (i.e. member or supplier) and will be limited to the purpose(s) for which it is collected.
(c) We do not use information to send you Direct Marketing Communications (as defined in Section 9 of this Policy) without your consent.
(d) We will not collect sensitive information from you without your consent.
Consent to collection of certain types of sensitive information
We will not collect any sensitive information from our members.
3. Collection of your personal information
We will only collect personal information that is necessary for us to either provide our products and services to you or to communicate with you. This depends ultimately upon the purpose of collection and we have set out the general purposes of collection below.
The type of information includes (but is not limited to) the following:
(a) For suppliers or goods and services providers, contact information such as company name, ABN/CRN, business address, email, website, phone numbers etc;
(b) For members, your contact information such as full name (first and last), e-mail address and job title;
(c) Member will also be subject to data gathering for entry and activity on the business’s website, including;
(1) The user’s server address;
(2) The user’s domain name (e.g. .com, .gov, .net, .au etc.)
(3) The date and time of the visit and the pages accessed or downloaded.
Note: No attempt will be made to identify users or their browsing activity except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the logs.
(d) if you are requesting products or services from us or we are purchasing goods or services from you, then any relevant payment or billing information (including but not limited to bank account details, direct debit, credit card details, billing address, repayment information and invoice details).
As far as possible or unless provided otherwise under this privacy policy, we will collect your personal information directly from you.
In the event we collect details about you from someone else, such as your employer, we will, whenever reasonably possible, make you aware that we have done this and the reason for it.
If we receive unsolicited personal information about or relating to you and we determine that such information could have been collected lawfully, then we will treat it in the same way as solicited personal information and in accordance with the APPs.
If we determine that such information could not have been collected in the same manner as solicited personal information, and that information is not contained in a Commonwealth record, we will, if it is lawful and reasonable to do so, destroy the information or de-identify the information.
When you engage in certain activities, such as entering a contest or promotion, filling out a survey or sending us feedback, we may ask you to provide certain information, which you may withhold or provide at your own discretion. It is optional for you to engage in these activities.
Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory data or any other information, we require in order for us to provide our services to you, we may be unable to provide or effectively provide our services to you.
If you use our website, we may utilise "cookies" which enable us to monitor traffic patterns and to serve you more efficiently if you revisit our website. A cookie does not identify you personally but may identify your internet service provider or computer. You can set your browser to notify you when you receive a cookie, and this will provide you with an opportunity to either accept or reject it in each instance.
4. Anonymity and Pseudonymity
If you wish to do so, when making enquiries or dealing with the business you may elect not to identify yourself or use a pseudonym. This may be particularly prevalent where individuals wish to participate in a blog or enquire about a particular campaign.
Your decision to interact anonymously or by using a pseudonym may affect the level of services we can offer you. In most cases, it may be impracticable to deal with or disclose information to individuals who fail to disclose their identity.
In certain matters, the business may be required or authorised to deal with only those individuals who have identified themselves. In cases where failing to disclose your identity will affect the level of service we can offer you, we will inform you of such and advise you of any additional options which may be available to you.
Notwithstanding the above clauses, various liquor and gaming laws require that an individual must identify themselves on each occasion they enter the business’s facilities. Patrons who also wish to become members must identify themselves and will be required to do so, each time they are requested to whilst attending the premises.
5. Identifiers
Each member can be identified by inputting the individual details, (last name, member number etc) into the Businesss data base.
Identifiers for other individuals or organisations who provide information to the business, are ascertained by account numbers, supplier codes or other distinguishing information provided.
The business does not adopt any government related identifiers as its own.
All government related identifiers (Medicare card, tax file, ABN numbers etc), applied to an individual or an organisation are only used by the business for their prescribed circumstances, as required by Government bodies or agencies.
The business will take all steps necessary to ensure that the government related identifiers are not disclosed to any other individuals or organisations other than those listed above.
6. Use and disclosure of your personal information
We will only use or disclose your personal information for the primary purposes for which it was collected or as consented to and/or as set out below.
You consent to us using and disclosing your personal information to facilitate a purpose in connection with:
(a) If required, the verification of your identity, including the verification of your name, if applicable;
(b) Facilitating membership;
(c) Provision of our products and services to you, which shall include but is not limited to:
(1) The administration and management of our products and services, including charging, billing, credit card authorisation and verification, checks for financial standing, credit-worthiness (including but not limited to undertaking an assessment for credit loss and obtaining credit references, if applicable), fraud and collecting debts; and
(d) To facilitate the administration, management and improvement of the business, including but not limited to:
(1) The use of your personal information collected in accordance with section 3 of this policy document and in the administration and management of the business;
(2) The management, governance and administration of the business, including but not limited to any management and governance meetings of the business;
(e) If applicable, any requirement to include you in various registers maintained by the business including, but not limited to, the register of excluded persons;
(f) The improvement of our services (including to contact you about those improvements and asking you to participate in surveys about our products and services);
(g) The maintenance and development of our products and services, business systems and infrastructure;
(h) Our compliance with applicable laws; and
(i) Any other matters reasonably necessary to continue to provide our products and services to you.
We may also use or disclose your personal information and in doing so we are not required to seek your additional consent:
(a) When it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose;
(b) If we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
(c) If we have reason to suspect that unlawful activity has been, or is being, engaged in; or
(d) If it is required or authorised by law.
In the event we propose to use or disclose such personal information other than for reasons detailed in section 6 above, we will first seek your consent prior to such disclosure or use.
If you have received communications from us and you no longer wish to receive those sorts of communications, you should contact via the details set out at the end of this document and we will ensure the relevant communication ceases.
Any other use or disclosure we make of your personal information will only be as required by law or as permitted by the Privacy Act 1988 or by this privacy policy or otherwise with your consent.
7. The types of organisations to which we may disclose your personal information
We shall not disclose your personal information to any other organisation at any time.
8. Cookies
Internet cookies are small strings of text placed on users' hard drives during the data exchange that happens when a browser points to a website. Cookies allow a website to store information on a user's machine and retrieve it later. Cookies and other information collection technologies can only store information that is explicitly provided by the user or visitor in the first place, or information the website already knows about the user, such as their IP address.
Safety Mates Australia’s website uses cookies for:
· Identifying unique visitors to the site for statistical purposes (that is, you may be allocated a visitor number which will be held in a cookie on your computer or device for a fixed period, such as 30 days. This cookie will also hold your IP address).
Safety Mates Australia may also use Google Analytics to gather statistics about how its website is accessed. Google Analytics uses cookies to gather information for the purpose of providing statistical reporting. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers located outside of Australia. No personally identifying information is recorded or provided to Google.
Safety Mates Australia may use third party marketing platforms, including Google Ads, Facebook, and Twitter to market its products and services.
These marketing platforms may also serve our ads to you on their own websites, or on partner websites and apps. The marketing platforms we use allow us to advertise and communicate to you based on profiles developed according to your use of our websites, personal information you provide to us, and your response to the advertising messages we serve to you.
We may also use third party audience data from Google Analytics, such as age, gender and interests, to provide advertising that's suited to your preferences. No personally identifiable information is recorded or provided to these third parties through this process, however information generated by the cookie about your use of our website may be transmitted to our vendors and may be stored on servers outside of Australia.
Safety Mates Australia contracts third party service providers to market its products and services.
These third-party providers are contracted to protect any personal data with the same level of protection as Safety Mates Australia.
Most browsers can be set to accept or reject cookies. You can choose to adjust your browser to reject cookies or to notify you when they are being used. Sometimes, rejecting cookies results in a loss of some website functionality.
9. Cross Border Disclosure
Any personal information that you provide to us may be transferred to, and stored at, a destination outside Australia (usually cloud based storage entities such as Amazon etc), where we may utilise overseas data and website hosting facilities or have entered into contractual arrangements with third party service providers to assist us with providing our goods and services to you. Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies.
By submitting your personal information to us, you expressly agree and consent to the disclosure, transfer, storing or processing of your personal information outside of Australia. In providing this consent, you understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia in relation to personal information. However, we will take steps to ensure that your information is used by third parties securely and in accordance with the terms of this privacy policy.
The Privacy Act 1988 requires us to take such steps as are reasonable in the circumstances to ensure that any recipients of your personal information outside of Australia do not breach the privacy principles contained within the Privacy Act 1988.
By providing your consent, under the Privacy Act 1988, we are not required to take such steps as may be reasonable in the circumstances. However, despite this, we acknowledge the importance of protecting personal information and have taken reasonable steps to ensure that your information is used by third parties securely and in accordance with the terms of this privacy policy.
If you do not agree to the transfer of your personal information outside Australia, please contact us via the details set out in Section 17 of this document.
10. Data quality and security
We have taken steps to help ensure your personal information is safe. All practicable measures are taken by the business to ensure information security, however, we cannot guarantee the security of all transmissions or personal information, especially where the Internet is involved.
Notwithstanding the above, we will take reasonable steps to:
(a) Make sure that the personal information we collect, use or disclose is accurate, complete and up to date;
(b) Protect your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
(c) Destroy or permanently de-identify personal information if it is no longer needed for its purpose of collection.
However, the accuracy of personal information depends largely on the information you provide to us, so we recommend that you:
(a) Let us know if there are any errors in your personal information; and
(b) Keep us up-to-date with changes to your personal information (such as your name or email address).
Safety Mates Australia undertakes an annual review of its member’s details. Prior to renewing a member’s membership, if requested we can provide you with the current details we hold on the system. If there are errors in these details, we urge you to advise the business and we will update them accordingly.
Personal information, which is held by the business will be destroyed, when the business receives:
(a) A request from an individual that their membership be terminated;
(b) Notification of the death of a member or a person for which the business holds personal information for; or
(c) Notification that a membership has lapsed and is not renewed within the six-month grace period.
11. Notifiable Data Breaches
We have taken steps to help ensure your personal information is safe.
Whilst all practicable security measures are taken it must be stated that we cannot guarantee the security of all transmissions or personal information, especially where the Internet is involved.
If the business suspects that there has been a data breach, they will take immediate steps to contain the extent of the breach and limit any further access to the information.
Once the data breach has been contained, the business will then assess the breach and investigate how the incident occurred within thirty (30) days. Once the business has the relevant information, they will make an evidence-based decision as to whether serious harm is likely.
If it is deemed that serious harm is likely, the business will both notify the individual whose data has been breached and the Office of the Information Commissioner QLD. The notification will include any remedial actions taken by the Business in response to the breach.
Where a breach occurs, the Business will review the circumstances surrounding the breach and take action to prevent any further breaches.
12. Storage of personal information
Electronic personal information is stored on servers that are owned and controlled by Amazon Web Services, locations in Sydney & Melbourne.
All ‘back-up” services provided by AWS, stores multiple backups in Multiple Regions in Australia.
If the business wishes to do so, personal information may also be stored in a secure web-based application on a data server, which is owned and operated by a third party (e.g. AWS). The business will take reasonable steps to ensure that any third-party providers comply with the APP’s.
At such time that the business does not require your personal information (and is not obligated to keep records by law), the business will take all reasonable steps to ensure that the information is de-identified and destroyed. Please see section 12 of this policy document.
13. Access to and correction of your personal information
You are entitled to have access to any personal information relating to you which we possess, except in some exceptional circumstances provided by law. You are also entitled to edit and correct such information if the information is inaccurate, out of date, incomplete, irrelevant or misleading.
If you would like access to, or if you would like to correct any records of personal information, we have about you, you are able to access and update that information (subject to the above) by contacting us via the details set out in Section 15 of this document.
Prior to accessing any confidential information, you may be required to produce acceptable photographic or 100 points of identification. Failure to comply with this requirement, may result in your request for information being denied.
14. Consent
You are agreeing to the terms of this privacy principle if you visit the business, use our website or by accepting the terms of one of our terms and conditions (relating to a product or service offer) which refer to this privacy policy.
We reserve the right to modify the privacy policy as our business needs require. We will notify you of such changes (whether by direct communication or by posting a notice on our website), after which, your continued use of our products, services or website or your continued dealings with us shall be deemed to be your agreement to the modified terms. If you do not agree to our continued use of your personal information due to the changes in our privacy policy, please contact us via the details set out at the end of this document.
15. Resolving Privacy Complaints
We have put in place an effective mechanism and procedure to resolve privacy complaints. All Complaints will be handled by the Daniel Brimelow. All complaints are dealt with in a reasonably appropriate timeframe so that any decision (if any decision is required to be made) is made as quickly as is practicable.
If you have any concerns or complaints about the manner in which we have collected, used or disclosed and stored your personal information, you can tell us by contacting the Daniel Brimelow who acts as out Compliance Manager for the purpose of this document.
· Telephone: N/A
· Email: support@sm8a.com.au
· Post: Unit 6 727 Stanley Street Woolloongabba QLD 4102
To ensure confidentiality, please clearly mark your correspondence to the attention of Daniel Brimelow. An address and telephone number will be provided once contact is made.
In order to resolve a complaint, we:
(d) Will liaise with you to identify and define the nature and cause of the complaint;
(e) May request that you provide the details of the complaint in writing;
(f) May request that you provide any and all supporting documentation;
(g) Will keep you informed of the likely time within which we will respond to your complaint; and
(h) Will inform you of the legislative basis (if any) of our decision in resolving such complaint.
We will keep a record of the complaint and denote any action taken in a privacy register.
Date of Effect: May 2019
Authorised By: Daniel Brimelow
Date Review Due: May 2020