On 12 March 2014 the Australian Privacy Principles (the Principles) entered into force. The Principles are found in Schedule 1 of the Privacy Act 1988 (Cth) (the Act). The Principles establish requirements for the way organisations collect, store and use an individual’s personal information. SECTARA is subject to the Principles and are committed to the protection of individuals’ privacy in accordance with the Principles.
The Policy applies to personal information individuals provide to SECTARA, whether that information is provided under any agreement, at SECTARA’s offices, through its website, or through email, telephone or other communication with SECTARA’s employees or agents.
1. Collection of Information
Collection of Personal Information
SECTARA may collect the following kinds of personal information from a client’s representative(s):
- their full name;
- their employer and role;
- their contact details, including a postal and a work address, email address and telephone number(s);
- other personal information reasonably necessary for one or more of SECTARA’s Purposes set out in clause 3 of this Policy;
- records and content of any communications between the client’s representatives and SECTARA; and
- online tracking details obtained through ‘cookies’.
SECTARA will only collect personal information by lawful and fair means and where that information is reasonably necessary for one or more of the SECTARA’s functions or activities, as identified in SECTARA’s Purposes at clause 3 of the Policy.
SECTARA generally collects the personal information at subclauses 1(a) through (f) from individuals with their consent. SECTARA will only collect personal information from a third party where it is unreasonable or impractical to collect the information directly from the client. Such third parties include organisations that maintain publicly accessible or fee-for-access records.
Collection of Sensitive Information
Sensitive information is defined in the Act as information about an individual’s ethnic origin, beliefs (whether political, religious or philosophical), sexual orientation, criminal history, health, genetics and membership of political or trade associations. SECTARA is not in the business of collecting such information
2. Storage of, and Access to, Personal Information
Storage and Security of Personal Information
SECTARA strives to provide an environment which ensures that personal information is stored in a secure and confidential manner. SECTARA employs a two-fold system for the storage of personal information. Personal information is securely stored in cloud-based business systems, and if held as hard copy documents, in physical file(s) at our offices. SECTARA has systems in place for the security of both its computer network and business premises.
SECTARA will take such steps as are reasonable in the circumstances to protect the personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.
In circumstances where SECTARA is no longer actively working with an individual and no longer needs the information for any of its Purposes, those files are securely stored for a period of seven (7) years. Only authorised SECTARA employees are permitted to access these storage facilities.
Destruction of Personal Information
SECTARA ensures that personal information about an individual that has not been used or disclosed for a period of seven (7) years is destroyed.
Access to, and Correction of, Personal Information
A individual is entitled to request access to the personal information that SECTARA holds about him or her by making a request to SECTARA’s Privacy Officer, using the contact details specified at clause 6. SECTARA must respond to the request and provide access to the information within a reasonable time. There will be no charges associated with the making of such a request or the subsequent provision of information.
Despite the above paragraph, SECTARA is not required to give the individual access to personal information if any of the circumstances detailed in clause 12.3 of Schedule 1 of the Act exist.
Where an individual requests SECTARA to correct the personal information it holds about that individual, SECTARA must take such steps (if any) as are reasonable in the circumstances to correct the information. SECTARA is entitled to refuse to correct the personal information, provided SECTARA gives the individual a written notice containing the reasons for the refusal.
Where SECTARA is satisfied that the information it holds about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, SECTARA must take such steps (if any) as are reasonable in the circumstances to correct the information.
3. The Purposes for which Personal Information is Collected
SECTARA collects the personal information at subclauses 1(a) through (f) only to the extent that such information is reasonably necessary for, or directly related to, one or more of the SECTARA’s Purposes.
The “Purposes” of SECTARA include (but are not limited to) the following functions and activities:
- the supply of software on a subscription basis to clients;
- to consider making offers of employment or to maintain details of SECTARA’s existing employees;
- the receipt of services by an organisation or its employees; and
- the provision of information on security risk matters, whether through periodic SECTARA’s marketing correspondence, seminars or other marketing events.
4. Disclosure of Personal Information
Disclosure of Information within Australia
For SECTARA to carry out any one or more of the Purposes, it may be necessary for SECTARA to disclose personal information to close suppliers who play a part in facilitation of services to a client and/or their representative(s).
SECTARA must only use or disclose personal information for the Purpose or Purposes for which it was collected. SECTARA must not use or disclose personal information for any other purpose (a secondary purpose) unless:
- the relevant individual consents to that use or disclosure of the information;
- the individual would reasonably expect SECTARA to use or disclose the information for the secondary purpose and the secondary purpose is related to one or more of the Purposes;
- the use or disclosure of the information is required or authorised by or under an Australian Law;
- a permitted general situation exists as defined in clause 1 of the Policy; or
- SECTARA reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by an enforcement body.
Disclosure of Information outside Australia
SECTARA may only disclose personal information to a person or entity that is not in Australia (the Overseas Recipient) without that client’s representative’s consent in circumstances where:
- SECTARA reasonably believes that the Overseas Recipient is subject to a law that affords protection of personal information that is substantially similar to the protection afforded under the Act and the SECTARA can enforce such protection under the overseas law; or
- SECTARA takes reasonable steps to ensure that the Overseas Recipient acts in accordance with the Principles in relation to the storage, use and disclosure of the personal information.
5. Direct Marketing
Direct marketing occurs where entities use the personal information they collect to market related or other goods and services to the individual who provided the information. A common example is where an organisation emails individuals a monthly newsletter.
SECTARA may use or disclose personal information for direct marketing only where SECTARA collected the personal information from the individual, the individual would reasonably expect the SECTARA to use or disclose the information for that purpose and the individual has not made a request pursuant to the below paragraph.
Requests not to receive Direct Marketing
An individual is entitled to request not to receive direct marketing communications from SECTARA by contacting SECTARA’s Privacy Officer, using the contact details specified at clause 6. SECTARA will give effect to any such request. Options to unsubscribe from such communications will also be available in the footer of each element of correspondence.
6. Contact Details
Should you have any queries about the Policy, or the Principles, or wish to lodge a complaint about a potential breach of the Principles by SECTARA, please contact SECTARA’s Privacy Officer using the contact details listed below.
SECTARA Pty Ltd
Level 40 Northpoint Tower
NORTH SYDNEY NSW 2060
Phone: 02 9048 9181
Email: [email protected]
SECTARA will endeavour to respond to an individual communication within thirty (30) days. Should SECTARA fail to respond within a thirty-day period, an individual may contact the Office of the Australian Information Commissioner, which can investigate queries or complaints in relation to a potential breach of the Principles.
The Policy may be updated from time to time by SECTARA as necessary.