Control and Electric Pty Ltd (‘C & E’) is subject to the Privacy Act 1988 (‘the Act’). The Act regulates how C & E collects, uses, stores and discloses Personal Information[i]. In this regard, C & E is committed to protecting the privacy of its clients, maintaining the confidentiality of their Personal Information and applying the Australian Privacy Principles (‘APP’).
- Personal and Sensitive Information
C & E will collect Personal Information and sometimes Sensitive Information[ii] e.g. financial records, about its clients in order to provide its services. C & E is committed to only collecting Personal Information which is necessary for the provision of its services and the operation of C & E.
The provision of Personal Information by our clients is optional. However C & E’s ability to provide services may be limited should the client choose not to provide the required Personal Information. If that occurs, C & E may end its business relationship with that client.
C & E will only collect Personal Information by lawful and fair means, and which is relevant to the scope of services required. If the need arises, further Personal Information may need to be collected from the client in the future. C & E will not collect Personal Information unless the information is reasonably necessary for C & E to provide its services to the client.
When C & E collects Personal Information about an individual, C & E will take reasonable steps at or before the time of collection to ensure that the individual is aware of certain key matters, such as:
- the identity of C & E;
- the fact that the information has been collected;
- whether the information was required under an Australian law, or court/tribunal order, and the details of the law, court of tribunal, the purposes for which information is collected;
- the main consequences (if any) of not collecting the information;
- the organisations (or types of organisations) to which C & E would normally disclose information of that kind;
- the fact that the individual is able to access the information;
- how to complain about a breach of an APP; and
- whether the information is likely to be disclosed to overseas recipients.
- Sensitive Information
C & E will not collect Sensitive Information unless:
- the information is reasonably necessary for C & E to conduct the matter or;
- the collection of the information is required or authorised by or under an Australian law or a court/tribunal order;
- a Permitted General Situation[iii] exists in relation to the collection of the information by C & E; or
- a Permitted Health Situation[iv] exists in relation to the collection of the information by C & E.
- Disclosure by C & E
Clients agree C & E can disclose Personal Information to a third party if it is required as part of C & E providing services. The client will, if it requests C & E in writing, be provided with details of the recipient. C & E will use its best efforts to provide its services without the need to disclose Personal Information and will obtain consent from the client should the need for disclosure other than in the ordinary course of the provision of its services arise, except where the information must be provided by C & E under:
- an Australian law; or
- a court/tribunal order; or
- other legal obligations.
- Disclosure for a secondary purpose
C & E will not use or disclose Personal Information for a secondary purpose unless
- it has obtained consent to do so,
- the individual would reasonably expect C & E to use or disclose the information for the secondary purpose which is directly related to the primary purpose;
- it is required or authorised under an Australian law or court/tribunal order;
- a Permitted General Situation exists;
- a Permitted Health Situation exists; or
- C & E believes it reasonably necessary for one or more enforcement activities by, or on behalf of an enforcement body.
Where C & E has used or disclosed information under b – f above, C & E will take steps as are reasonable to ensure the information is de-identified before being used or disclosed
- Transfer of Personal Information overseas
If C & E is required to transfer any Personal Information outside Australia, C & E will comply with the provisions of the Act which apply to cross border data flows. C & E will only transfer Personal Information overseas where the context of the matter requires it. C & E will first take reasonable steps to ensure the recipient does not breach the APPs in relation to the information, except where:
- C & E believes the recipient is subject to a scheme offering the same protection as the Australian Privacy Principles, and there are mechanisms for the individual to enforce that protection;
- after being told that if the individual consents to the disclosure, C & E is not required to ensure that the recipient conforms to the APP, and the individual consents regardless;
- the disclosure is required or authorised under an Australian law or court/tribunal order; or
- a Permitted General Situation (other than the situation referred to in item (g) or (h) of the definition of Permitted General Situation below) exists in relation to the disclosure of the information by C & E.
Where possible, and if directed by an individual, the individual will not be required to identify themselves when dealing with C & E in relation to a particular matter. The individual will be required to identify themselves however where:
(a) C & E is required or authorised under an Australian law or a court/tribunal order to deal only with individuals who have identified themselves; or
(b) it is impractical for C & E to deal with individuals who have not identified themselves.
Generally, an individual will be required to identify themselves when they are a client of C & E. However, C & E will not disclose a client’s identity to a third party unless the matter necessitates it, or as directed by the client. C & E will not adopt a government related identifier of an individual (including those assigned by a state or territory) as its own.
- Unsolicited Personal Information
If C & E receives unsolicited Personal Information, C & E will determine as soon as possible, whether the information is required for the client’s purposes with C & E. If the information is not required, provided it is lawful and reasonable to do so, C & E will either destroy the information, or ensure that it is made known to the individual.
C & E will use all prudent methods to keep all Personal Information safe and secure from unauthorised access through the use of firewalls, anti-virus software and secure filing systems. Where the Personal Information is no longer required for the purpose for which it was disclosed, and C & E is not required by law to retain it, C & E will take reasonable steps to destroy the information.
10. Access to Personal Information
Clients are entitled to access their Personal Information held by C & E, provided that one of the following exceptions does not apply:
- C & E reasonably believes that giving access would pose a serious threat to the life, health or safety of an individual, or to public safety;
- giving access would in C & E’s opinion, have an unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings between C & E and the client, and would not be accessible through the process of discovery in those proceedings;
- giving access would reveal the intentions of C & E in relation to negotiations with the client in such a way as to prejudice those negotiations;
- giving access would be unlawful;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- both of the following apply:
i. C & E has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to C & E’s functions or activities has been, is being or may be engaged in;
ii. giving access would be likely to prejudice the taking of appropriate action in relation to the matter
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated within C & E in connection with a commercially sensitive decision making process.
Upon request by a client for access to Personal Information, C & E will respond and provide access within a reasonable time, if it is reasonable and practical to do so.
If C & E refuses to give the client access to the Personal Information for a reason detailed above, C & E must:
- endeavour to take reasonable steps to give access in a way that meets the needs of C & E and the client; or
- provide a written notice to the client that sets out:
i. the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so;
ii. the mechanisms available to complain about the refusal; and
iii. any other matter prescribed by the regulations to the Act.
C & E may charge a reasonable fee to the client for costs incurred in providing the information to the client.
11. Information integrity
- C & E wishes to maintain the integrity of the Personal Information that it holds by updating its databases as required. Clients are encouraged to notify C & E immediately if there is a change to their Personal Information by contacting C & E’s Privacy Officer on (02) 6299 6233.
If C & E is satisfied that Personal Information about a client held by C & E, having regard to the reason the Personal Information is held, is inaccurate, out of date, incomplete, irrelevant or misleading, or the client requests C & E to update or correct the Personal Information, then C & E will take all reasonable steps to correct the information. The client may request that C & E update the Personal Information provided by C & E to any other entity on behalf of the client.
Even if requested to do so, C & E may refuse to correct Personal Information, in which case C & E will give the client a written notice setting out:
i. the reasons for the refusal to correct the Personal Information (except where it would be unreasonable to provide those reasons);
ii. mechanisms available to the client to complain about the refusal; and
iii. any other matter prescribed by regulation.
Where C & E has refused to correct the Personal Information of a client, the client may request that C & E associate a statement with the Personal Information that the Personal Information is inaccurate, out of date, incomplete, irrelevant or misleading. The statement will be made apparent to users of the Personal Information.
Where a request is made by a client to update or attach a statement to the information, C & E will respond within a reasonable period after the request is made.
12. Credit card information
Credit card information may be obtained for payment processing only. Credit card information is not stored on C & E’s database, however receipts will be kept on file or with our accounts department.
13. Names and addresses
C & E values its clients greatly. It does keep a record of clients’ names and addresses for its own marketing and distribution of material, and as a client, unless you tell us, C & E assumes you agree to receive material from us. However, this information is not and will not be divulged outside C & E, and a client can, of course, at any time, request to be removed from any list or mail or email material, and C & E will happily do so.
C & E is legally required to maintain files for a period of 7 years following completion of a matter. All files are held in a safe and secure location with limited access. After 7 years all files including Personal Information, will be destroyed.
- C & E will promptly correct any error about a client’s Personal Information as soon as it is brought to C & E’s attention. Information on accessing Personal Information records may be obtained by contacting C & E’s Privacy Officer on (02) 6299 6233.
Clients may contact C & E’s Privacy Officer on (02) 6299 6233 if a client has any concerns or complaints about the manner in which Personal Information has been collected or handled by C & E.
[i]Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.
[ii] Sensitive Information means
(a) information or an opinion about an individual’s:
i. racial or ethnic origin; or
ii. political opinions; or
iii. membership of a political association; or
iv. religious beliefs or affiliations; or
v. philosophical beliefs; or
vi. membership of a professional or trade association; or
vii. membership of a trade union; or
viii. sexual orientation or practices; or
ix. criminal record;
that is also Personal Information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information; or
(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) biometric templates.
[iii] Permitted General Situation means
- it is unreasonable or impracticable to obtain the individual’s consent to the collection, use or disclosure; and
- C & E reasonably believes that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety,
- C & E has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to C & E’s functions or activities has been, is being or may be engaged in; and
- C & E reasonably believes that the collection, use or disclosure is necessary in order for C & E to take appropriate action in relation to the matter,
- C & E reasonably believes that the collection, use or disclosure is reasonably necessary to assist any APP entity, body or person to locate a person who has been reported as missing; and
- the collection, use or disclosure complies with the rules made under subsection (2),
- the collection, use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim,
- the collection, use or disclosure is reasonably necessary for the purposes of a confidential alternative dispute resolution process.
[iv] Permitted Health Situation means a situation described in paragraph 16B of the APPs.