This policy is a public document that sets out our approach in relation to the treatment of Personal Information. It outlines our collection, use, disclosure, security measures and individual’s right to access and correct Personal Information.
The Telecommunications Act 1997, the Privacy Act 1988 (including the new National Privacy Principles) (the Privacy Act) and the ACIF Code on the Protection of Personal Information of Customers of Telecommunications Providers as statutory references and do not alter any of our obligations under these existing laws and codes.
- We will only collect Personal Information where it is necessary for us to perform one or more of our functions or activities. In this context, “collect” means to obtain by the only means; being your decision to apply via our website.
- We collect Personal Information mainly to offer our clients assistance in their current issues through our services and with our associates that we need to engage to support your need for assistance with the services reuired by you and your associates or companies, as requested from you to us and our Related Bodies Corporate (Group Companies), and also for:
- billing and account management;
- business planning and product development; and
- to provide individuals with information about your issues, as well as the products and services of our Group Companies and our partners (including other associated companies).
- We will only notify our associates of the information below before collecting any Personal Information:
. The main reason that we are collecting Personal Information (Primary Purpose);
- Other related Uses or Disclosures that we may make of the Personal Information (Secondary Purposes);
- Our identity and how individuals can contact us, if this is not obvious;
- That individuals will only offer the Personal Information we hold about them;
- That only individuals should contact us if they wish to access or correct Personal Information given to us by them or have any concerns in relation to Personal Information;
- The organizations or types of organizations to whom we usually disclose the Personal Information;
- Any law that requires the Personal Information to be collected;
- The consequences (if any) for the individual if all or part of the Personal Information is not provided to us.
- Where it is not practicable to notify individuals before the collection of Personal Information, we will ensure that individuals as soon as possible after the collection.
- We will only collect Personal Information over the telephone, by the individual to us and this person will hold indemnity against us when supplying this information at their own free will and they will provide the balance of the Collection Information in a confirming letter.
- We will not collect Sensitive Information without prior consent and only where it is necessary for our activities or function, to assist them in their desires to have our company assist them in resolving any issues in their day to day business.
- We will not collect Personal Information secretly or in an underhanded way.
- We will obtain an individual’s consent for Use of non-sensitive Personal Information for Secondary Purposes at the time of collection, unless such Use would be within the relevant individual’s Reasonable Expectations.
- We Use Personal Information primarily for the purposes to assist the client.
- Where we rely on the Direct Marketing exception to Direct Market to individuals, we will ensure that:
. The individual is clearly notified of their right to Opt Out from further Direct Marketing;
- There is only one Use of the information before the Opt Out right is given and this Use applies across all our Related Bodies Corporate (if the information is shared between those Related Bodies Corporate);
- The individual is given an Opt Out in all further instances of Direct Marketing if they have not previously chosen to Opt Out; and
- The individual’s decision to Opt Out of all Direct Marketing will be respected by us.
- We won’t use Sensitive Information for Direct Marketing.
- We may use Personal Information to avoid an imminent threat to a person’s life or to public safety, and for reasons related to law enforcement or internal investigations into unlawful activities.
- We won’t use Personal Information without taking reasonable steps to ensure that the information is accurate, complete and up to date, as supplied by them.
- We won’t attempt to match unidentified or anonymous data collected through surveys or such online devices as “cookies”, with information identifying an individual, without the consent of the relevant individual.
- We may Disclose Personal Information to related or unrelated third parties if consent has been obtained from the individual, including consent for Disclosures made under the credit reporting requirements of the Privacy Act.
- We may Disclose Personal Information between Related Bodies Corporate, in which case that Related Body Corporate is bound by the original Primary Purpose for which the information was collected.
- We may Disclose Personal Information to unrelated third parties to enable outsourcing of functions (such as billing), for a related Secondary Purpose, in which case the individuals will be notified of our usual Disclosures via the Collection Information, as outlined in 3, or where such Disclosure is within the individual’s Reasonable Expectations.
- We will take reasonable steps to ensure that our contracts with third parties include requirements for them to comply with the Use and Disclosure requirements of the Privacy Act.
- We may Disclose Personal Information to law enforcement agencies, government agencies, courts or external advisers where permitted or required by law.
- We may Disclose Personal Information to avoid an imminent threat to a person’s life or to public safety.
- If a Disclosure is not for a Primary or Secondary Purpose, or upfront consent has not been obtained, we will only Disclose Personal Information as per the exceptions set out at 16 to 21 above.
- We do not generally sell or share customer lists on a commercial basis with third parties but if we did, we would ensure we had the appropriate consent of the individual involved. If the consent provided is conditional, we will take steps to ensure (by contract) that the use of its customer list by third parties does not exceed the scope of the consent.
- We will regularly review our collection and storage practices to ascertain how improvements to accuracy can be achieved.
- We will destroy or de-identify Personal Information after as short a time as possible and after a maximum of seven years, unless the law requires otherwise.
- We require employees and contractors to perform their duties in a manner that is consistent with our legal responsibilities in relation to privacy.
- We will take all reasonable steps to ensure that records containing Personal Information are stored in facilities that are only accessible by our staff who have a genuine “need to know” as well as “right to know”.
- We will regularly review our information security practices to ascertain how ongoing responsibilities can be achieved and maintained
Access and correction
- We will allow our records containing Personal Information to be accessed by the individual concerned in accordance with the Privacy Act.
- We will correct our records containing Personal Information as soon as practically possible, at the request of the individual concerned in accordance with the Privacy Act.
- Individuals wishing to lodge a request to access and/or correct their Personal Information should contact us as per the details at the end of this document.
- We will not charge a fee for processing an access request unless the request is particularly resource intensive.
- Individuals wishing to make an inquiry or complaint regarding privacy, should contact our Customer Service department as per the details at the end of this document.
- Privacy complaints will be managed in accordance with our Complaint Handling Policy, which complies with the Australian Communications Industry Forum’s Complaint Handling Industry Code.
- We will not make it mandatory for visitors to our web sites to provide Personal Information unless it is required to answer an inquiry or provide a service. We may however request visitors to provide Personal Information voluntarily (for example, as part of our company’s policy and perusal of their business before we can establish a mutual working arrangement between us).
- We will allow our customers to transact anonymously wherever reasonable and practicable.
Transferring personal information overseas
- We will take reasonable steps to limit the amount of Personal Information it sends to unrelated organizations overseas.
- If Personal Information must be sent overseas for sound business reasons, we will require the overseas organization receiving the information to provide a binding undertaking that it will handle that information in accordance with the National Privacy Principles, preferably as part of the services contract.
Collection Information means the information outlined in 3 notified to individuals prior to, or as soon as practical after, the collection of their Personal Information, as given to us by them.
Direct Marketing means the marketing of our services (or those of a Related Body Corporate or those of an independent third party organization) by communications including written, verbal or electronic means.
Disclosure generally means the release of information outside of CMS including under a contract to carry out an “outsourced function” with any one or more of our trusted associates that we will engage to assist you in your business needs.
Health Information means:
- information or an opinion about:
i. the health or a disability (at any time) of an individual; or
ii. an individual’s expressed wishes about the future provision of health services to him or her; or
iii. a health service provided or to be provided to an individual that is also personal information; or
- other personal information collected to provide or in providing a health service; or
- Other personal information about an individual.
Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from the information or opinion.
Primary Purpose is the dominant or fundamental reason for information being collected in a particular transaction.
Reasonable Expectation means a reasonable individual’s expectation that their personal information might be Used or Disclosed for the particular purpose.
Related Body Corporate means a body corporate that is: a holding company of another body corporate; a subsidiary of another body corporate; or a subsidiary of a holding company of another body corporate.
Sensitive Information means information or an opinion about an individual’s: racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, and criminal record. It also includes Health Information about an individual.
Use means the handling of Personal Information within CMS..
Contacting Us About Privacy
Telephone: 1300 any day, 7am to 11pm