Last Updated: January 2017
1. Background and Purpose
ST Consult Pty Ltd (“we”, “us” or “our”) is committed to respecting our clients’ right to privacy and handling our clients’ personal information in an open and transparent way. We are bound by the provisions of the Privacy Act 1988 (Cth) (the Privacy Act) which contains thirteen Australian Privacy Principles (APPs) which regulate how we collect, use, disclose and keep our clients’ personal information secure.
The APPs are legally binding principles that are designed to ensure that individuals’ personal information is protected throughout the information lifecycle – that is, from the time the information is collected through to its destruction. The APPs also give individuals the right to access their personal information and have it corrected if it is incorrect.
2. Types of Personal Information Collected
We collect and hold personal information from clients, contractors and other individuals when it is necessary for business purposes.
Information we collect when we provide professional services to our clients
We may be provided with personal information directly by our clients to enable us to deliver professional services or to perform due diligence checks before we agree to provide services. This information may relate to clients’ employees, members or customers or it may relate to third parties (for example, the spouses and dependents of a client’s employees, members or customers).
The types of personal information we may be provided with by our clients in order to provide professional services may include, but are not limited to:
- Contact details (e.g. phone numbers, email, address)
- Job titles
- Dates of birth
- Employment records
- Financial records
- Complaint details
We may also be provided with sensitive and special categories of personal information directly by our clients in order to provide professional services. This may include:
- Government identifiers such as drivers’ licences, passport and Medicare numbers and visa/work permit status
- Tax file numbers
- Health records
- Information about racial or ethnic origins
- Information about criminal convictions
- Membership of a political association or membership of a trade union
Where we are provided with personal information by a client, we take steps to ensure that the client has complied with the relevant obligations under the Privacy Act in relation to that information. This may include, for example, ensuring that the client has provided any and all relevant individuals with a Notice of Collection (and other matters) and has obtained any necessary consent for us to collect, use and disclose that information.
We may also collect personal information (such as contact details and account details) from suppliers, contractors and third party service providers that we engage to help us operate our business, as well as personal information that is publicly available.
Personal information will only be requested from our clients if (and insofar as) it is relevant and necessary for us to provide the contracted or requested services to our clients.
Information we collect via this website
This website only collects:
- Personal information that is specifically and voluntarily provided by visitors
- Standard internet log information, including your IP address, browser type and language, access times, and referring website addresses.
Where you choose to provide personal information via this website, it may include:
- Your name
- Current job title
- Company address
- Email address
- Telephone and fax numbers
We may also collect personal information contained in content that you provide when using this website; for example, postings on any blogs, forums, wikis and other social media applications.
We do not usually seek sensitive information from visitors using this website. However, if we do, we will obtain your consent to collect and use such information.
Log information, cookies and web beacons
We may transmit usage information about visitors to our website to third party ad servers for the purpose of targeting our Internet banner advertisements on other websites. To do this we use web beacons and cookies provided by third-party ad servers on our website. The information that is collected and logged on our behalf through this technology is not information from which you can be personally identified. Website visitors can customize Google Display Network Ads using the Google Ads Preferences Manager.
Because of the nature of our business, it is generally impracticable for us to deal with individuals on an anonymous basis or through the use of a pseudonym, although sometimes this is possible (for example, when seeking staff or client feedback generally).
3. Using Personal and Sensitive Information
How do we use personal information collected from our clients?
We use the personal information that we collect from our clients to provide them with agreed services. We have an agreement with each client that governs the provision of our services and sets out the purposes for which we may use any information that the client provides to us (including any personal information). We do not use that information for any other purposes, unless disclosure is required or authorised by or under an Australian law or a court or tribunal order.
Because we provide a wide range of different types of services to our clients, the way we use personal information also varies. For example, we might use personal information:
- About a client’s customers to help the client improve the quality of the services they offer to their customers.
- Collected by a client as part of their ordinary business activities to help that client manage their governance, compliance and/or risk management obligations.
- Collected by a client as part of their ordinary business activities in the course of helping that client develop strategic initiatives for their business.
- To maintain contact with clients.
- To keep clients and other contacts informed of the services we offer and industry developments that may be of interest to them, and to notify them of service offerings, seminars and other events we are holding.
- For general management and reporting purposes, such as invoicing and account management.
- For recruitment purposes.
How do we use information collected via this website? Do we use it to market goods and services to you?
Your personal information will never be added to a general marketing database. We do not sell, rent or trade your personal information to or with third parties for the purpose of allowing them to send marketing material directly to you.
We may use your personal information collected via this website:
- To provide you with promotional materials, thought leadership or communications about services provided by us that we feel may be of interest to you.
- To manage and improve this website.
- To tailor the content of this website to provide you with a more personalised experience and draw your attention to information about our services that we feel may be of interest to you.
- To seek feedback on our services.
- For market or other research purposes (however, we will only ever report aggregated results of any research we undertake, and will never include your personal information in those results unless we explicitly ask for your consent).
If you provide us with your email address, we may use it to communicate with you. If you have provided your email address to us but no longer wish to receive electronic marketing communications from us, click the unsubscribe link within the email you received, or contact us using the details provided below.
Are there any other ways we use your personal information?
We may also use personal information to protect our rights and those of our users or to comply with a legal or professional right or duty.
4. Disclosing Personal Information
When will we disclose your personal information?
We will only disclose your personal information as set out below. Importantly, we do not sell, rent or trade your personal information to or with third parties for the purpose of allowing them to send marketing material directly to you. If you do not want to receive marketing material from us, you can contact us using the details provided below or use the unsubscribe function on electronic communications.
We may disclose personal information collected from our clients or via this website to third parties that we engage to assist us in providing professional services to our clients or in the operation of our business (i.e. our subcontractors, advisors and suppliers). Where we disclose your personal information to third party service providers, we will at all times remain responsible for their handling of that information. This includes taking steps to ensure that those recipients protect that information from unauthorised access, modification or disclosure, and from misuse, interference and loss.
We may also be required to disclose personal information to law enforcement, regulatory government agencies, or to other third parties in order to comply with legal or regulatory obligations or requests or where there is a legal or professional right or duty to disclose. These entities may include government institutions and regulatory authorities including the Australian Taxation Office (ATO), the Australian Prudential Regulation Authority (APRA), the Australian Securities and Investments Commission (ASIC), the Australian Transaction Reports and Analysis Centre (AUSTRAC) and the Office of the Australian Information Commissioner (OAIC). These entities may also include courts and tribunals, including the Superannuation Complaints Tribunal (SCT) and the Financial Ombudsman Service (FOS).
Blogs, forums, wikis, and other social media
Disclosure of information to overseas recipients
We do not disclose your personal information to overseas recipients. If, in the future, your personal information is disclosed overseas, we will ensure that this is not done unless and until we have taken reasonable steps to ensure that the overseas recipient will collect and store your personal information in a manner that is consistent with the Australian Privacy Principles.
5. Storing and Protecting Personal Information
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or unauthorised disclosure.
We hold personal information in hard copy and electronic formats. We use a range of physical, operational and technological security measures to protect this information. These measures include:
- Education and training to ensure we are aware of our privacy obligations when handling your personal information.
- Administrative and technical controls to restrict access to personal information to only those people who need access.
- Technological security measures, including passwords, fire walls and anti-virus software.
While we take reasonable precautions to secure your personal information, data protection measures are never completely secure and we cannot guarantee the security of your personal information.
The personal information you provide to us is only retained for as long as necessary to fulfill the purposes for which the information was collected, unless we are required to retain the information under an Australian law or court or tribunal order. Once no longer required, we will take such steps as are reasonable in the circumstances to destroy or de-identify your personal information.
6. Accessing and Correcting Personal Information
You have a right to know what personal information we hold about you and to obtain access to it if required. You may request access to your personal information by contacting us using the details provided below. You may need to provide proof of your identity before access is provided.
There are circumstances where we are not required to provide, or are prevented from providing, you with access to your personal information. Where access to your personal information has been denied or not provided in the manner reasonably requested, we will provide you with a written notice setting out the reasons for our denial of your request (unless having regard to the grounds for the refusal, it would be unreasonable to do so) and the mechanisms available to you to make a complaint about the refusal.
We aim to ensure that your personal information is up-to-date and complete. However, we also rely on you to advise us of any changes to your personal information. Please contact us using the contact details below as soon as possible if you believe the personal information we hold about you is not accurate, complete or up-to-date so that we can update your file accordingly.
You may need to provide proof of your identity before your information is corrected. Personal information we have disclosed to another organisation will also be corrected at your request unless it is impracticable or unlawful to do so.
If we do not agree with the corrections that you have supplied, we are not required to alter your information. In such circumstances we will provide you with a written notice setting out the reasons for our denial of your request (unless having regard to the grounds for the refusal, it would be unreasonable to do so) and the mechanisms available to you to make a complaint about the refusal.
7. Making a Complaint
If we receive a privacy complaint it will be treated seriously and dealt with promptly, in a confidential manner and in accordance with our internal complaints handling procedures. We will contact you if we require any additional information from you and will notify you in writing of the outcome of the investigation.
8. Contacting Us
ST Consult Pty Ltd
We take all privacy complaints we receive seriously. We will acknowledge the receipt of a complaint immediately and will work with you to resolve it. However, if you have a complaint regarding a privacy issue and it is not resolved by us to your satisfaction, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC).
Director of Compliance (Investigations)
Office of the Australian Information Commissioner
Phone: 1300 363 992
Fax: 02 9284 9666
Address: GPO Box 5218 Sydney NSW 2001
9. Additional Information
Where can you find out more about your privacy rights?
For further information about privacy and the protection of privacy, visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.