About this policy
We are bound by the Australian Privacy Principles contained in the Privacy Act 1998 (Cth) (‘the Act’). The principles are designed to protect the privacy of individuals by regulating the way personal information is managed by Australian businesses. Personal information is any information that allows an individual to be personally identified.
We are bound by and acknowledge the importance of the Notifiable Data Breach Scheme, which has been addressed by us in our Data Breach Response Plan.
You do not have to provide us with your personal information. However, if you do not, we may not be able to provide you with information or services and information you request or important notices in relation to our provision of and your use of our products or services.
The information we collect
We collect information that is reasonably necessary for us to provide you with the services or products you have requested from us, and to manage our obligations to you under any customer contract or applicable law. Some of the services or products may include:
· acting as agent, buying or selling properties, leasing properties, and managing unit plans;
· marketing purposes and to provide you with information about products and services that may be of interest to you;
· improvements to the products and services we provide; and
· enabling us to conduct our business, including meeting our legal and regulatory obligations.
We will only collect your sensitive information if you have provided us with consent to do so. Where practicable, we will give you the option of interacting with us anonymously.
The information we collect and hold generally includes:
· names, addresses, e-mail addresses, phone numbers, other contact details, payment details, occupation, household details, financial information, employment references, rental references, personal references, and other information to assist us in conducting our business, providing and marketing our products and services;
· identity documents so we can verify your identity;
· information about staff and directors, as required in the normal course of human resource management and the operation of a business; and
· information about current and previous suppliers and clients with whom we have dealings.
However, we may also collect and hold other information required to provide services or assistance to you, including your emergency contact details, sensitive information, and information necessary to assess your creditworthiness.
How we collect your information
We may collect your information in various ways, including via telephone, our website, third party websites or software suppliers, hard copy forms or email, face-to-face meetings including inspections or interviews, third parties, referrals through our related entities or strategic partners, social media channels.
We only collect personal information by lawful and fair means. By providing personal information to us, you consent to us collecting and storing this information as well as further information as may be provided by you in order that we may follow up your enquiries and best service your needs.
Whenever you choose to deal with us directly, we will collect this information directly from you. However, there may be occasions when we collect your information from someone else. This may include contracted service providers, agents acting on our behalf or related entities and/or anyone you have authorised to deal with us on your behalf.
By subscribing to the forms on our website, you are actively asking us to supply you with information about our services and we will do this through the method of contact provided by you, which may be phone or email.
On all occasions, your information is collected, held, used, and disclosed by us in accordance with this policy and applicable Australian Privacy Principles.
How we use your information
We only use your information for the purpose for which it was provided to us, related purposes that you would reasonably expect and as permitted or required by law. Such purposes include:
· responding to your inquiries;
· maintaining/administering your account and processing payments you have authorised;
· communicating with you about works that may affect your premises;
· processing your survey or questionnaire responses for the purpose(s) notified in the survey or questionnaire (where you have chosen to participate);
· for market research and programs so that we can improve our services and meet our customers’ needs;
· analysing broader market trends and demographics so that we may best serve our customers in the future;
· providing you with marketing information regarding other products and services (of ours or of a third party) which we believe may be of interest to you, but not if you have opted out from receiving such information;
· reporting to our owners or their shareholders;
· quality assurance and training purposes;
· in the ordinary course of conducting our business. For example, supplying services such as assisting with purchasing, selling or leasing properties, managing unit plans, acquiring products and services, connecting utility services when you authorise or request us to do so, responding to your enquiries and feedback, and providing information about our events, news, publications and products and services that may be of interest to you;
· performing general administration, reporting and management functions. For example, invoicing and account management, payment processing, risk management, training, quality assurance and managing suppliers;
· employment-related purposes, such as recruiting and providing services to staff;
· as part of a sale (or proposed sale) of all or part of our business;
· other purposes related to or in connection with our business, including meeting our legal and contractual obligations to third parties and for internal corporate governance purposes; and
· any other purposes identified at the time of collecting your information.
We may disclose your personal information to government agencies, our service providers, agents, contractors, business partners and other recipients from time to time, only if one or more of the following apply:
· You have consented.
· You would reasonably expect us to use or disclose your personal information in this way.
· We are authorised or required to do so by law.
· Disclosure will lessen or prevent a serious threat to the life, health or safety of an individual, or to public safety.
· Where another permitted general situation or permitted health situation exception applies.
· Disclosure is reasonably necessary for a law enforcement related activity.
However, we will only use your sensitive information for the purposes for which it was initially collected, other directly related purposes or purposes to which you otherwise consent.
If you are not a customer (for example, if you are a supplier or other third party), your information will only be used for the specific purpose for which it was provided to us, unless you have consented to other uses.
How we disclose your information
We may disclose your information to our related entities and third parties who provide services to us or on our behalf, including:
· government bodies, regulators, law enforcement agencies and any other parties where required or otherwise permitted by law;
· other service providers where necessary to cross check the accuracy of your contact details;
· our related entities and third parties who provide services to us, or to you on your behalf, including:
o parties that help operate and maintain our IT infrastructure and other business assets;
o parties that manage customer accounts and billing;
o parties that are our business partners, joint venturers, strategic partners or agents;
o external IT service providers, infrastructure and other third party service providers;
o mailing houses and marketing companies;
o as part of a sale (or proposed sale) of all or part of our business. For example, we may disclose information to our external advisers, to potential and actual bidders and to their external advisors;
o in the case of claims (or likely claims), assessors, repairers, builders and investigators;
o parties that assess creditworthiness or assist in recovery against you if you are in breach of your obligations; and
· other entities that may offer you related products or services if you have not opted out to receive such information.
We will only disclose your sensitive information for the purposes for which it was initially collected, other directly related purposes or purposes to which you consent.
We may disclose personal information to overseas recipients including but not limited to contracted service providers or related bodies corporate or related entities based outside Australia for processing, storage or back-up.
We will take reasonable steps (eg, contractual measures) to ensure that these providers comply with applicable Australian Privacy Principles (‘APP’s’). Further, certain contracted service providers may enter arrangements with overseas providers from time to time. We recommend that you view their privacy policies for details.
Any overseas disclosure does not affect our commitment to safeguarding your personal information. Where reasonable in the circumstances, our contracts with overseas recipients oblige them to comply with the APPs and the Act. However, you acknowledge that, in agreeing to the disclosure of your information to overseas recipients, we will not be required to take further reasonable steps to ensure overseas recipients’ compliance with the APPs in relation to your information and we will not be liable to you for any breach of the APPs by those overseas recipients. On this basis, you consent to such disclosure.
The General Data Protection Regulation (GDPR) relates to EU and UK residents control over their Personal Data. It is a comprehensive law that provides greater data rights for individuals, and requires organisations who control and process data to comply with data protection principles.
Personal Data means data that relates to an individual which, in isolation or in combination with other information, enables the individual to be identified directly or indirectly.
Where the GDPR applies with regard to any Personal Data we collect, then this section applies to that Personal Data. For the purpose of GDPR, we are the ‘controller’.
If You are a resident in the EU or UK, you have the following rights with respect to your Personal Data, and can exercise them by sending a request to the Privacy Officer at [email protected] or by phoning 02 6885 4564. Those rights include:
· The right to be informed about the collection and use of your personal data at the time it is collected from you. This includes the purposes for processing your data, how long it will be kept for, and who it will be shared with.
· The right of access – you can obtain a copy of your personal data.
· The right to have your inaccurate personal data rectified or completed if it is incomplete. We must reconsider accuracy upon your request.
· The right to remove your personal data, aka ‘the right to be forgotten’. This applies if the personal data is no longer necessary for the purpose which it was originally collected or processed for, or if you withdraw your consent and there is no other lawful basis for holding your data.
· The right to restrict processing. You can limit the way your data is used in the certain circumstances for instance, if you contest the accuracy of your personal data and we are verifying it.
· The right to data portability. A right to have your data moved, copied or transferred easily from one IT environment to another securely and without affecting its usability. You can request direct transfer of your data to another controller.
· The right to object, in certain circumstances, to the processing of all or some of your personal data or for particular purposes.
· Rights in relation to automated decision making and profiling. You have a right to be informed of and to receive information about automated decision making and profiling of your data, and a right to request human intervention or challenge an automated decision.
Security of your information
We take reasonable steps (including any measures required by law) to ensure your information is protected and secure. For any payments you make via our websites, we use a recognised payment service provider that is required to take reasonable steps to protect your information.
We also take reasonable precautions to ensure that any information you provide to us through our websites is transferred securely from our servers to our mainframe computers, including by means of Secure Sockets Layer (SSL) protocols.
Other information protection measures we take include:
· computer and network security measures, including use of firewalls, password access and secure servers;
· restricting access to your personal information to employees and those acting on our behalf who are authorised and on a ‘need to know’ basis;
· entering into confidentiality agreements with staff and third parties.
All personal information collected by us through our platforms listed is stored in a variety of formats including electronically in databases, in hard copy files and on personal devices including laptop computers, mobile phones, cameras and other recording devices. We will not store personal information for longer than necessary (or than we are legally allowed to) and when it is no longer required it will be deleted from the database. We may store information in ‘the cloud’ which may mean that it resides on servers situated outside of Australia.
However, no data protection and security measures are completely secure. Despite all the measures we have put in place, we cannot guarantee the security of your information, particularly in relation to transmissions over the internet.
Accordingly, any information which you transmit to us is transmitted at your own risk. You must take care to ensure you protect your information (for example, by protecting your usernames and passwords, customer details, etc) and you should notify us as soon as possible after you become aware of any security breaches.
If we become aware of any security breaches, an internal process will be undertaken in accordance with our Data Breach Response Plan to conduct an assessment of the breach, and commence notification procedures, if necessary.
Accuracy, access and correction
We take reasonable steps to ensure the information we collect and hold about you is accurate, up-to-date and complete, and if used or disclosed, also relevant.
Please let us know as soon as possible if there are any changes to your information or if you believe the information we hold about you is not accurate, complete, up-to-date or is otherwise misleading.
We will, on request, provide you with access to the information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any refusal to allow you access to your information.
Sometimes our website contains links to other websites, for your convenience and information. Some of those websites may collect personally identifiable information about you. When you access a website other than our own, please understand we are not responsible for the privacy policies of that site. We suggest you review the privacy policies of each site you visit.
We also use the following third party vendors to assist with analytics and tracking:
· Facebook Pixel
These vendors, including Google and its partners, set cookies when browsing pages on sjshooter.com.au & facebook.com/sjshooterrealestate to serve ads based on prior visits to our website or other websites. These networks track our website visitors using cookies. These cookies may allow the collection of online identifiers such as IP addresses, which, when combined with other unique identifiers and information received by the servers, may be used to create profiles constituting personally identifiable information.
Notification of Data Breaches
If we have reasonable grounds to suspect that a data breach has occurred, we will:
· Complete an assessment of the suspected data breach within 30 days;
· If appropriate, take remedial action to address any potential harm to individuals that may arise due to a relevant data breach before any serious harm is caused to individuals to whom the information relates.
We will otherwise comply with privacy data breach notification requirements, including notifying affected individuals and the Office of the Australian Information Commissioner, as applicable.
What if you have an inquiry or complaint?
We will refer your inquiry or complaint to our Privacy Officer. They will, within a reasonable time, investigate the issue and determine the steps that we will undertake to resolve any complaints. We will contact you if we require any additional information from you and will notify you in writing of the response or determination of our Privacy Officer.
If you are not satisfied with our response or determination, you can contact us or raise your concerns with the Australian Privacy Commissioner via www.oaic.gov.au
How to contact us