(last modified: 4 June 2018)
WingArc Australia Pty Ltd ABN 98 006 559 191 of Level 7, 360 Collins Street Melbourne VIC 3000 (“WingArc”, “we”, “us” and “our”) complies with the Australian Privacy Principles (“APPs”), which are part of the Privacy Act 1998 (Cth) (“Act”).
- how we protect the privacy of personal information we collect;
- the purposes for which we may use and disclose the personal information we collect;
- how we may use and disclose the personal information we collect; and
- how individuals can access and correct the personal information we hold about them, lodge complaints with us in respect of how we handle personal information we hold about them, and to make any related inquiry.
We require that our staff comply with this policy in relation to any personal information they handle. We also use our best endeavours to ensure that contractors, suppliers and service providers we engage from time to time comply with similar obligations with respect to any personal information to which they may have access or which may be disclosed to them.
We may collect personal information from any individual with whom we may have contact. These include job applicants, representatives from current and prospective suppliers and representatives from current and prospective customers.
In the course of us providing our products and services to our customers, we may from time to time be required to handle and process data sets that include information provided to us by our customers. The information in these data sets are generally de-identified; however, it may be possible to identify individuals from the information included in the data sets.
Additionally, we may from time to time provide products and/or services that require the end users of the products and/or services to provide personal information either to us or to our customers. Accordingly, we may from time to time collect or be provided personal information of individuals in the course of providing our products and/or our services, and we may be contractually obliged to process such information.
The policy outlined here sets out, in general terms, how we will handle and protect the personal information of any individual which we collect or which is disclosed or made available to us in the course of us undertaking our usual business functions and activities.
Types of information WingArc collects and holds
For the purpose of this policy, “personal information” is information or opinion that identifies an individual or which could reasonably identify the individual, regardless of whether the information or opinion is true or not.
It may include, but is not limited to, the individual’s name, address, telephone number, email address, age, date of birth and place of birth.
We may also collect information about you when you access our website. The information we collect from visits to our website is generally anonymous (unless you specifically complete and submit a form to us using a form we make available to you via our website). We generally do not use such information to identify specific individuals.
However, due to the Internet’s nature, such information may contain details which may identify a particular individual (such as the IP address of the computer accessing our website, the internet service provider used by the individual, the web-page directing the individual to our website and the individual’s activity on our website).
How we collect personal information
We only collect personal information using lawful and fair means. We will not collect personal information unless the information is reasonably necessary for one or more of our functions or activities.
We may collect personal information about an individual from a variety of sources using a variety of means, including:
- a form (either physical or online) that is completed and submitted to us;
- a telephone, email or in-person inquiry or discussion about us, the products and/or services that we provide;
- mail correspondence, emails and other electronic means (including by accessing our websites and through the use of the “contact us” form on our website);
- through publicly available sources of information;
- from job applicants and staff members;
- direct contact in the course of us providing our goods and/or services;
- in the course of conducting market research, including customer satisfaction surveys;
- in the course of providing our products and/or services to our customers; and
- from current and prospective suppliers of goods and/or services to us.
Subject to the foregoing, to the extent reasonably practicable and reasonable for us to do so, we collect personal information about an individual directly from that individual. Additionally, we will only collect personal information when we specifically request that information, except in circumstances where personal information is volunteered to us or otherwise supplied to us without us asking for such information.
Dealing with us anonymously and pseudonymously
In accordance with the requirements of the APPs, you have the option of not identifying yourself or of using a pseudonym when dealing with us in relation to a particular matter.
However, in accordance with the APPs, the foregoing would not apply in relation to that matter if we are required or authorised by or under an Australian law, or a court or tribunal order, to deal with individuals who have identified themselves concerning that matter.
Additionally, if it is impracticable for us to deal with individuals who have not identified themselves or who have used a pseudonym on a particular matter, then we would not be required to provide you with the option to engage with us on an anonymous or pseudonymous basis concerning that matter.
For example, if you choose to interact and deal with us on an anonymous or pseudonymous basis, or if you do not provide us with personal information when requested, we may be unable to provide you with all of the products and/or services that you seek from us.
Further, we reserve the right to verify your identity as part of our response to a request to access and/or correct personal information we hold about you, or as part of our complaints-handling process. If we are unable to verify your identity, or you continue to engage with us in an anonymous or pseudonymous basis, then we may be unable to satisfy your request or complete our complaints-handling process.
How we use the personal information we collect
As a general principle, and in accordance with our statutory obligations, we generally use personal information only for the primary purpose(s) for which we collected the information, or any secondary purpose that is related (in the case of sensitive information, directly related) to the primary purpose for which you would reasonably expect us to use the collected information, or as otherwise permitted or required by law.
We will take reasonable steps to make you aware of the purpose(s) for which the personal information collected may be used at or before the time of collection.
We may use and/or disclose personal information collected about an individual for one or more of the following purposes:
- to provide our products and/or services, and/or assist our customers in providing services to their end-users;
- to process transactions and to administer customer accounts;
- to address queries and to resolve complaints;
- to send information updates, marketing materials and newsletters to current and to prospective customers and other individuals who have consented (either expressly or impliedly) to receive such information and materials provided that they have not opted out from receiving such information and materials;
- to seek the participation of current and prospective customers and other individuals (on a voluntary basis) in advertising campaigns, events, launches, customer testimonials and focus groups;
- to improve our products and our services, our website, our other means of communicating with our current and prospective customers and our customer experience generally; and
- to directly market our products and our services to current and prospective customers (including through direct mail and direct email to current and to prospective customers) provided that such recipients have not opted out of receiving such communications from us.
We may also use and/or disclose personal information collected about an individual for one or more of the following purposes:
- assessing an opportunity to provide our products and services to a current or prospective customer;
- complying with our obligations with any law or statute that binds us;
- complying with our obligations under a contract into which we have entered;
- to assess the suitability of an individual applying for a job with us; and
- to assess and to manage the supply of goods and services to us by a contractor or service provider.
To whom we may disclose your personal information
We may disclose personal information we collect to third parties but only on an as-needs basis and in order to facilitate the fulfilment of one or more purposes for which we collected the information, or any secondary purpose related to the primary purpose (directly related in the case of sensitive information) for which we may be permitted to disclose such information by law.
We may disclose personal information to any of the following groups:
- our agents, suppliers and contractors (including, for example but without limitation, to our agents, suppliers and contractors in order to enable them to perform services under contract with us which may directly or indirectly benefit the individual from whom the information was collected);
- to our customers, where we are required to disclose personal information under contracts we have entered into with any of our customers;
- marketing providers, to facilitate the provision of marketing of us, our products and/or our services;
- professional advisers, to facilitate their provision of advice to us;
- Government departments and agencies, for the purpose of facilitating our compliance with our statutory obligations.
Where we engage third parties to provide products and/or services to us or to our customers on our behalf, those third parties may have access to personal information (including sensitive information) that we hold about individuals.
We do not authorise those third parties to use or to disclose any personal information we may disclose or allow the third parties to access except for purposes related to their provision of services to us and to otherwise complete their obligations they owe to us.
We use reasonable endeavours to ensure that those third parties maintain the privacy of such information we disclose or make available to them and we use reasonable endeavours to ensure that those third parties destroy or de-identify the information when the information is no longer required by the third party.
Without limiting the foregoing, we may disclose individuals’ personal information to our business partners and to our advisers, including (but not limited to) auditors, financial services and insurance companies, and to our professional advisers (including our legal and accounting advisers) for them to complete their obligations owed to us under agreements that we have entered into for the purpose of undertaking or furthering our business operations and our activities.
Additionally, subject to the terms of contracts we have entered into with our customers, we may from time to time disclose personal information we have collected from or about individuals to our customers. Subject to the terms of these contracts, we will endeavour to disclose de-identified information. However, from time to time – and depending on the terms of the relevant contract – we may be required to disclose personal information of individuals to our customers.
We may also disclose personal information (including sensitive information) about an individual when required by law or court order, or other governmental order or process to disclose, where we believe in good faith that the law compels us to disclose the information.
Without limiting the foregoing, we may disclose personal information (including sensitive information) where we are required to do so as a result of any obligations we owe under any contract.
We may disclose personal information (including, but not limited to an individual’s IP address and other information collected from visits to our website or through other online interactions by individuals with us) if we deem it necessary to do so in order to comply with relevant laws.
We may disclose personal information if it is reasonably necessary to do so in order to identify, contact or bring legal action against an individual whom we suspect or know is causing harm to, or interference with the products and/or services we supply, our information technology systems and equipment, or our property.
Personal information we have collected and hold may be disclosed to third parties in the event we offer to sell and/or sell our business and/or our assets, or shares in us or in our related entities are sold or offered for sale, at or before the time of a merger, acquisition or sale.
From time to time, we may disclose personal information we collect from or about any individual to overseas recipients. These include recipients located in Japan and Europe. By providing us with personal information, you consent to us having the discretion to take reasonable steps to ensure the recipients do not breach the APPs in relation to the disclosed information.
We may directly market our products and our services to you on the basis that you would reasonably expect us to do so, where we have already collected your personal information. Where we collect information about an individual from a party other than the individual concerned, then we will not use that information to directly market to the individual unless that individual consents to receiving such communications (such consent may be express or implied).
In directly marketing our products and services, we will comply with other laws relevant to marketing, including the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and the Competition and Consumer Act 2010 (Cth) (including the Australian Consumer Law).
All direct marketing communications which we send will include an easy opt-out procedure if at any time you wish for us to stop sending you marketing communications.
We strive to ensure the security of personal information we collect and hold. We take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.
We regularly review and update our physical and data security measures in light of current technologies. Unfortunately, no data transmission over the Internet or over mobile data and communications services can be guaranteed to be totally secure.
In addition, our employees and contractors who provide services to us or who have access to personal information we collect and hold are obliged to respect the privacy of any personal information we hold.
We may store, process and/or back-up personal information we hold on servers (including servers provided by third parties) that are located in a jurisdiction other than in Australia. Where we enter into a contract with a host provider, we will use all reasonable endeavours to ensure that such contract reserves for us the right to control access to the personal information and to avoid the need for the host provider to access the information it hosts for our benefit.
We do everything reasonably within our power and control to prevent unauthorised use or disclosure of personal information we collect and hold. However, we are not responsible for events arising from unauthorised use of or access to personal information except to the extent that such unauthorised use or access is as a result of our failure to comply with our legal obligations concerning the steps taken to secure the personal information we collect and hold.
Additionally, in accordance with our statutory obligations, we will take reasonable steps to destroy or to de-identify personal information when the information is no longer required for the purpose(s) for which the information was collected.
Where we destroy or de-identify personal information, we will endeavour to do so via a secure means.
Quality of the personal information we hold
We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date.
However, the accuracy of the information we hold largely depends on the accuracy of the information supplied to us or which we collect. If at any time you discover that any information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please contact us to correct the information.
Accessing and correcting personal information we hold
Where we hold personal information about an individual, subject to the Privacy Act 1988 (Cth), that individual is entitled (upon request) to access the personal information we hold about that individual.
Where we receive a request to access the personal information we hold about an individual, we will respond within a reasonable time period. Unless it is unlawful or impracticable for us to do so, we will generally provide access to the requested information in the manner requested.
Under the APPs, we are entitled to charge a reasonable fee to cover our costs incurred in providing access to the personal information we hold about an individual.
We reserve the right to verify the identity of the person making the access request, to ensure that we do not inadvertently release or disclose personal information to an individual not entitled to access such information.
Further, we reserve the right to redact information we make available in response to an access request, to protect the privacy of other individuals.
We may from time to time refuse to provide access to the information we hold about an individual, in accordance with the Privacy Act and the APPs. Where we refuse access, we will explain the reasons for the refusal in writing and provide details in relation to the relevant complaint process.
As noted above, we take reasonable steps to ensure that the information we collect, hold, use and disclose about an individual is complete, up-to-date and accurate. However, if at any time you believe that personal information we hold about you is incorrect, incomplete, outdated or inaccurate, you have the right to request that we amend such personal information. If we refuse the correction request, we will provide written reasons and information about the complaints process should you not be satisfied with our reasons.
Where information about you is correct and the information has previously been disclosed to third parties, we will take reasonable steps to notify third parties of the correction.
Lodging a complaint
If you wish to complain about an alleged breach of the privacy of your personal information, or if you wish to complain about any other aspect of how we handle your personal information, you may make a complaint to us. The complaint should be made in writing to us and addressed to the attention of our privacy officer. The details of our privacy officer are set out below.
We will promptly acknowledge receipt of your complaint and we will endeavour to deal with your complaint and to provide you with a response within a reasonable time period following our receipt of your complaint (generally within 30 days of receipt).
Where the complaint requires a more detailed investigation, it may take longer to resolve. If this is the case, then we will provide you with progress reports.
We reserve the right to verify your identity and to seek (where appropriate) further information from you in connection with your complaint.
Where required by law, we will provide our determination on your complaint to you in writing.
Please note that, in accordance with the Privacy Act, we reserve the right to refuse to investigate or to otherwise deal with a complaint if we consider your complaint to be vexatious or frivolous.
If you are not satisfied with the outcome of your complaint, you may write to us seeking an internal review of our decision. Such internal review will be completed by an officer not previously involved in the investigation or resolution of your complaint.
If you remain dissatisfied following the outcome of our internal review, you may escalate the complaint to the Office of the Australian Information Commissioner.
In relation to any query, concern or complaint as to how we comply with our privacy obligations, please direct such communications to the following:
The Privacy Officer
WingArc Australia Pty Ltd