Modified January 2019
In this policy, “us”, “we” or “our” means Redwood Business Consulting Pty Ltd (ABN 14 141 602 333) and also refers to its related bodies corporate, partnerships and other joint venture entities.
This policy sets out:
What is considered personal information;
What personal information we collect and hold;
How we collect, hold, use or disclose personal information;
The purposes for which we collect personal information;
What happens if we are not able to collect personal information;
How to seek access to and correct your personal information;
What happens in the event of a unauthorised privacy disclosure;
Whether we disclose personal information outside Australia; and
How to contact us.
We are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (subject to exemptions that apply to us under that Act).
We may, from time to time, review and update this policy, including taking account of new or amended laws, new technology and/or changes to our operations. All personal information held by us will be governed by the most recently updated policy. Your privacy matters to us, so whether you are new to Redwood Business Consulting or are a long time user, please take the time to get to know our practices.
1: PERSONAL INFORAMTION
1.1. WHAT IS PERSONAL INFORMATION
When used in this policy, the term “personal information” has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include (but is not limited to) your name, age, gender, postcode and contact details (including phone numbers and email addresses) and possibly financial information, including your credit card, direct debit or PayPal account information. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
1.2. WHAT PERSONAL INFORMATION DO WE COLLECT AND HOLD
We may collect the following types of personal information:
Mailing or street address;
Previous mailing or previous street addresses;
Age or birth date;
Profession, occupation or job title;
Payment information and records;
Details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries;
Any additional information relating to you that you provide to us directly through our websites or indirectly through use of our website or online presence through our representatives or otherwise;
Information you provide to us through our service centre, customer surveys or visits by our representatives from time to time.
We may also collect anonymous data (which is not personal information) relating to your activity on our websites (including IP addresses) via cookies, or we may collect information from you in response to a survey. We generally use this information to report statistics, analyse trends, administer our services, diagnose problems and target and improve the quality of our products and services. To the extent this information does not constitute personal information because it does not identify you or anyone else, the Australian Privacy Principles do not apply and we may use this information for any purpose and by any means whatsoever.
3. HANDLING YOUR PERSONAL INFORMATION
3.1. HOW WE COLLECT PERSONAL INFORMATION
We collect your personal information directly from you unless it is unreasonable or impractical to do so.
We do this in ways including:
Through your access and use of our website, apps or sending SMS/MMS to us;
Through someone else who has provided us with your information;
During conversations between you and our representatives (e.g. through our call centre); and
When you complete an application or purchase order.
We may also collect personal information from third parties including:
Third party companies such as credit reporting agencies, law enforcement agencies and other government entities;
Data suppliers (e.g. White Pages and Yellow Pages);
Contractors, sub-contractors and business partners.
3.2. PRIVACY COLLECTION STATEMENT
The primary purpose for which we collect information about you is to enable us to perform our business activities and functions and to provide best possible quality of customer experience. We collect, hold, use and disclose your personal information for the following purposes:
To provide products and services to you;
To provide you with news, information or advice about our existing and new products and services;
To communicate with you, including but not limited to, by email, mail, SMS or telephone;
To manage and enhance our products and services;
To allow third party organisations to contact you to arrange connection of services and the creation of service delivery accounts;
To personalise and customise your experience; to provide you with access to protected areas of our websites;
To conduct promotions on behalf of Redwood Business Consulting and selected third parties;
To verify your identity;
To provide as part of business data to third parties if you have authorised us to do so;
To conduct business processing functions for operation of our websites or our business;
For our administrative, marketing (including direct marketing), promotional, planning, product/service development, quality control and research purposes, or those of our contractors or external service providers;
To provide your updated personal information to us, our contractors or external service providers;
To investigate any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our terms and conditions or that you are or have been otherwise engaged in any unlawful activity; and/or
As required or permitted by any law (including the Privacy Act).
3.3. WHAT HAPPENS IF WE CAN’T COLLECT YOUR PERSONAL INFORMATION
If you do not provide us with the personal information described in this policy, some or all of the following may happen:
We may not be able to provide you with the products or services you requested, either to the same standard, or at all;
We may not be able to provide you with information about products and services that you may want, including information about discounts sales or special promotions; or
We may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful.
3.4. HOW DO WE DISCLOSE YOUR PERSONAL INFORMATION
We may disclose your personal information to:
Our employees, related bodies corporate, partnerships, joint venture entities, contractors or external service providers for the operation of our websites or our business, fulfilling requests by you, and otherwise provide products and services to you, including without limitation, web hosting providers, IT systems administrators, mailing houses, newsagents, couriers, payment processors, photographic analysers, data entry service providers, electronic network administrators, debt collectors, and professional advisers such as accountants, solicitors, business advisors and consultants;
Our sponsors, or promoters of any competition that we conduct or promote via our services;
Specific third parties authorised by you to receive information held by us;
The police, any relevant authority or enforcement body, or your Internet Service Provider or network administrator, for example, if we have reason to suspect that you have committed a breach of any of our terms and conditions, or have otherwise been engaged in any unlawful activity, and we reasonably believe that disclosure is necessary;
As required or permitted by any law (including the Privacy Act).
4. THIRD PARTY LINKS AND WEBSITES
5. DIRECT MARKETING MATERIALS
We may send you direct marketing communications and information about products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS or email, in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.
In addition, at any time, you may opt-out of receiving marketing communications from us by contacting us (details below) or by using the opt-out facilities provided (e.g. an unsubscribe link), or by contacting us using the details below. We will then ensure that your name is removed from our mailing list. We do not provide your personal information to other organisations for the purposes of direct marketing unless expressly authorised by you.
Even if you do opt out of receiving marketing communications from you, you agree that we may still send you information relevant to the supply of any services arranged by us.
If you receive communications from us that you believe have been sent to you other than in accordance with this policy, or in breach of any law, please contact us using the details provided below.
We may conduct surveys from time to time to measure consumer satisfaction and alignment. Survey may also be conducted to improve our system, processes and benefits. This information sourced through you will be used for our internal analysis or for generalization purpose. You can always opt out or choose not to participate in these surveys.
7. ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
You may request access to any personal information we hold about you at any time by contacting us (details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you. We will not charge for simply making a request and will not charge for making any corrections to your personal information. If you make an access request, we will ask you to verify your identity. There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others, or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it.
We request that you keep your information as current as possible so that we may continue to improve our service to you.
8. LODGING A COMPLAIN ABOUT POSSIBLE A BREACH OF PRIVACY
We have a formal procedure for investigating and dealing with privacy breaches. Once the Privacy Officer receives a complaint, whether it is in writing or verbal means, the Privacy Officer will commence an investigation with the relevant business unit from which the alleged breach stemmed. The investigator will endeavour to determine the nature of the breach and how it occurred. We may contact you during the process to seek any further clarification if necessary. If a breach is found, the Privacy Officer will escalate the matter to management so that the process can be rectified to prevent any further breaches from taking place. We will also contact you to inform you of the outcome of the investigation. We will endeavour to resolve all investigations within a reasonable time.
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
Please contact our Privacy Officer at:
Redwood Business Consulting Pty Limited
Post: 79 Rokeby Street, Collingwood, VIC, 3066
Tel: 03 9070 0700
9. WHAT HAPPENS IF THERE IS AN UNAUTHORISED DISCLOSURE OF PERSONAL INFORMATION
A data breach occurs when personal information is lost or subjected to unauthorised access, modification, use or disclosure or other misuse. Data breaches can be caused or exacerbated by a variety of factors, affect different types of personal information and give rise to a range of actual or potential harms to individuals, agencies and organisations.
Redwood Business Consulting has a documented incident response plan that is intended to enable Redwood Business Consulting to contain, assess and respond to data breaches in a timely fashion, to help mitigate potential harm to affected individuals. It sets out contact details for the appropriate staff in the event of a data breach, clarifies the roles and responsibilities of staff, and documents processes to assist Redwood Business Consulting to respond to a data breach.
In the event that an unauthorised disclosure of personal information is made, Redwood Business Consulting commits to directly contacting affected customers by telephone and/or email within a timely manner. If we are unable to contact you via these means, we will send a registered letter via Australia Post with the details of the incident along with any other relevant information.
10. DISCLOSURE OF PERSONAL INFORMATION OUTSIDE AUSTRALIA
We may disclose personal information to our related bodies corporate, partnerships, joint venture entities and external service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
We may disclose your personal information to entities located outside of Australia, including the following:
Our related bodies corporate, partnerships and joint venture entities located in New Zealand and South East Asia;
Our data hosting and Cloud-based IT service providers, located in the European Union; the UK; the USA and Singapore;
Other third parties operating in jurisdictions including New Zealand, Hong Kong and the United States where you have authorised us to do so.
We will take all reasonable steps to protect the personal information that we hold from misuse, loss, or unauthorised access, including by means of firewalls, password access, secure servers and encryption of credit card transactions. If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.