The purpose of this policy is to assist UQ Res to comply with Commonwealth privacy laws, namely the Privacy Act 1988 (Privacy Act), by communicating UQ Res policies and procedures in relation to privacy. All UQ Res employees and contractors must comply with this document in the collection, use or disclosure of personal information about individuals.
It is important to understand that this policy should be read in conjunction with other applicable policies and procedures which UQ Res has implemented.
To achieve this, we will:
- only collect personal information that is necessary to fulfil, or directly related to fulfilling, a lawful purpose directly related to a function or activity of ours
- ensure that appropriate notification is provided to (or, where applicable, consent obtained from) an individual when collecting personal information directly from that individual
- take all reasonable steps to ensure that personal information in its control is protected against:
- unauthorised access, use, modification or disclosure ; or
- any other misuse
- as appropriate, provide information about the types of documents that contain personalinformation in the form of a personal information register
3. What is personal information?
- Under the Privacy Act 1988 (Cth), personal information is defined to mean information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
- Personal information can include sensitive information. Sensitive information is defined as information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual orientation or practices or criminal record, health information about an individual, genetic information about an individual that is not otherwise health information, biometric information that is used for the purpose of automated biometric verification or biometric identification and biometric templates.
- • Due to the nature of the services that we provide, the personal information which we may collect may include sensitive information.
4. Collecting personal information
We collect personal information:
- from you
- through our website and by other electronic communication channels
- from third parties, such as our payment gateway service provider
- from publicly available sources of information
- using cookies and similar technologies
- when we are required to do so by any applicable law, regulation, legal process orgovernmental request (Law); and
- from our own records.In the course of:
- your visiting our website
- your sending an email or other communication to us; or
- our providing services to you,we may collect the following types of personal information from you:
- identification information, including your name(es), date of birth, email address(es), facsimilenumber(s), telephone numbers(es), current or previous residential or business address(es),driver’s licence number and other details
- such as your next of kin or emergency contact person
- order information, including details of all services purchased by you
- payment details that you use to complete payment to us, which may include credit card, debitcard or other method of payment details
- records of any competitions or promotions you enter with us
- employment details
- visual images
- audio and visual security footage
- sensitive information, including:
- health, medical and welfare (physical and mental) information
- emergency contact information
- any other information that you provide to us.
Our server automatically records information that your browser sends when it connects to a
website. The information provided may include your Internet Protocol (IP) address and your browser type and language. We may also collect information about your usage (for example, by way of cookies) including when you use our website, other sites that you access from our website, content upload and download, your usage of the services available on our website and the other website users with which you connect through our website.
- to help our website to function correctly or to improve the usability, content or user experience of the website
- to monitor the performance of our website
- for security
- to build up a picture of the services that you prefer, so that we can then provide you with apersonalised experience of our website and provide you with information of interest to you
- to place advertisements for our services on other external sites; and
- to monitor how our marketing is performing.Most browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies. If you do so, some of the features and services of our website may not function properly. For further guidance, click “Help” in the toolbar of your browser or review the cookie management guide produced by the Interactive Advertising Bureau at www.allaboutcookies.org/.
6. Use of personal information
We use the personal information that we collect to:
- provide our services
- manage and process your inquiries and requests for contact and support
- contact you or communicate with you
- maintain your account and recover of any monies owed to us
- assess any application you make for a position with us and, if you are successful, for thepurposes of your employment with us
- maintain our employment records
- promote, market and advertise our business and services
- understand more about you, so that we can provide better services or
- improve our services
- develop existing and new Services
- advise you of information which may be of interest to you
- provide your contact details to our partners who have agreed to provide you with any offers,goods or services
- maintain and update our business infrastructure and systems
- meet our contractual obligations
- maintain internal records and general administration; and
- comply with any applicable Law.
If we do not collect the personal information, or the information provided to us is incomplete or inaccurate, we may not be able to provide you with the services that you have requested or any other services including assistance.If you provide us with endorsements, we use these (including any visual images that you provide) to promote and advertise our business and services.
7. Disclosure of and access to personal information
- We never sell any personal information.
- We may disclose your personal information to:
- our affiliates, including employees, agents, consultants, insurers, lawyers and professional advisers
- our related entities
- personnel involved with the operation of our website including IT, administration, sales,marketing and system administration staff
- any person or entity to which we deem it necessary (in our sole discretion) for complying with any applicable Law.
- Subject to any Law, upon receipt of a written request from you, we will inform you of the personal information that we hold about you. If your request is particularly complex or requires detailed searching of our records, there may be a cost to you in order for us to provide this information.
- If you believe that there are errors in our records about you, please let us know and we will investigate and correct any inaccuracies.
8. Marketing and advertising
- We will never use or disclose any sensitive information for marketing or advertising purposes.
- We may use and disclose your personal information (other than sensitive information) toprovide you with information about services offered by us or other companies or entities. Youconsent to receipt of direct marketing information including by email or SMS.
- If at any time you do not wish to receive marketing or advertising communications from us oryou do not want your personal information disclosed for marketing or advertising purposes, please contact us at [email protected] and we will remove your details from our marketing database.
9. Data integrity
- We endeavour to ensure that all personal information that we hold is accurate, complete and up-to-date. To assist us with this, you should contact us if any of your personal information changes, or if you believe that the personal information that we have is not accurate or complete.
- When personal information that we collect is no longer required by us, we will destroy or de- identify that personal information unless we are required by a court, tribunal or any Law to retain the personal information.
- We may retain personal information for so long as it is required for any of our business purposes, for the prevention of fraud, for insurance and governance purposes and in our IT back-up.
- We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification or disclosure.
- However, no system is completely secure against cyber attack and the open nature of the Internet is such that information exchanged via the Internet may be accessed and used by people other than those for whom the information is intended. Any personal information is therefore sent at your own risk.
- You should contact us immediately if you believe that there has been unauthorised access or disclosure with respect to any personal information that we hold about you.
11. Disclosure overseas
- We are unlikely to disclose your personal information overseas to persons. However, if we do so, it will be in accordance with the Australian Privacy Principles.
- Our payment system and servers are located in Australia.
- You consent to any disclosure of your personal information by us overseas on theunderstanding that if the overseas recipient handles the personal information in breach of the Australian Privacy Principles, the entity will not be accountable under the Privacy Act 1988 (Cth), and you will not be able to seek redress under the Privacy Act 1988 (Cth). The overseas recipient may not be subject to privacy obligations or to any principles similar to the Australian Privacy Principles. Individuals may not be able to seek redress in some overseas jurisdictions, and overseas recipients may be subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority.
- We may at times be a “data controller”, “joint controller” or “data processor” for the purposes of the European Union’s General Data Protection Regulation (GDPR).
- In limited circumstances we may have obligations under the GDPR to the extent that we process personal data in relation to various “GDPR activities”. “Personal data” as defined under the GDPR may include a broader range of information than “personal information” as defined under the Privacy Act 1988 (Cth).
- We are not subject to the GDPR in circumstances where the processing of personal data is not related to a “GDPR activity”, or where we do not otherwise have contractual obligations to a data controller with respect to compliance with the GDPR.
13. De-identified data
You consent to us using and disclosing your de-identified data (data that no longer identifies you) for any purpose, including without limitation research, statistical analysis, product development, marketing and business planning and any other commercial purpose. We undertake technical measures to make sure that this data cannot be associated back to you.
14. Notifiable data breaches
We will notify you and the Office of the Australian Information Commissioner about any data breach that is likely to result in serious harm to you unless an exception applies, for example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.
15. Limitation of liability
- We are not liable for any direct, indirect, incidental, special, punitive or consequential liability, loss (including but not limited to loss of data, income, profit or opportunity, loss of or damage to property and claims of third parties, death, personal injury or any loss, damage or expense) that you incur or suffer that arises out of your access to, use of or reliance on our website or our services or any of the content of the website or your inability to use it. This applies even if we have been informed that the liability, loss, damage or expense will or may result.
- Where liability is not able to be excluded by Law, our liability to you in any circumstances will be limited, at our choice, to re-performance of any Services that we have provided to you, payment for those services to be provided by a third party or payment of the sum of AUD $10.00 (Ten Australian Dollars).
18. Enquiries and complaints
If you make a complaint relating to privacy, we will do our best to ensure that an investigation is completed and a decision about your complaint is communicated to you within 30 days of our being advised of the complaint. We will inform you if we need more time.
If you are dissatisfied with our response to any complaint you make, you can take your complaint to the Office of the Australian Information Commissioner:
Post GPO Box 5288, Sydney NSW 2001
Fax +61 2 9284 9666
Email [email protected]