The privacy of your personal information is treated with the highest level of importance by the Etherstack plc group of Companies (“Etherstack” or the “Group”), comprising Etherstack plc and its controlled entities.
The Group is bound different legislative requirements.
In Australia, the Group is bound by the Privacy Act 1988 (Cth) (Act) regarding the manner in which we handle your personal information, and Etherstack will strictly comply with all relevant legislative requirements.
In the European Union (EU) (including the European Economic Area (EEA)), the section ‘European residents’ below provides further information about our processing of your personal information we collect and your additional data subject rights in relation to the processing of your personal information (otherwise known as personal data) under the EU General Data Protection Regulation (2016/679) (“GDPR”) by members of the Group that are subject to the scope of the GDPR.
What kinds of personal information do we collect?
Personal information means any information about an identified individual or an individual who is reasonably identifiable or as otherwise defined by applicable data protection law. It does not include information that is de-identified (anonymous data). We collect personal information about customers and potential customers and their personnel, suppliers and their personnel, our employees, partners, contractors, and former or prospective employees, partners and contractors, and other people who come into contact with a member of the Group. The kinds of personal information that we collect and hold include:
- contact information, including postal and residential addresses, telephone and facsimile numbers, and email addresses;
- credit information, if a customer applies for a credit account with us;
- details of the make and model of any product or service or licence you purchase from us;
- data relating to your activity on our websites via tracking technologies such as cookies;
- details of any survey responses you provide;
- bank account and tax file details; and
- for job applicants or staff, employment history, educational qualifications, reference checks, payroll information and medical information (where relevant).
How do we collect and hold personal information?
We will only collect personal information where it is reasonably necessary to do so for the conduct of our business. Any collection of personal information by us will be fair and lawful and will not be intrusive.
We will collect personal information about you in the following ways:
- if you provide your information by telephone, post, email or facsimile, or in person;
- if you contact us via email or submit your information through our website(s); and/or
- if you purchase products from us, or require us to provide services to you.
If it is reasonable and practical to do so, we will collect personal information about you only from you. In the course of operating our business, however, we may collect personal information about you that is publicly available or from third parties (such as online search tools, publicly available registers and from our suppliers, advertisers, mailing lists, recruitment agencies, contractors and business partners). We will do this where we cannot contact you and need to update your contact details, or where we need information about individuals from third parties to help us provide our services to customers.
If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.
When we collect personal information from you, we will take reasonable steps to either notify you or ensure you are aware of:
- the Group entity which is collecting your personal information, and their contact details;
- that we have collected your personal information, and whether that collection is required or authorised by law;
- the purposes of collection;
- the consequences if personal information is not collected (such as if this will affect our ability to provide products or services to you);
- our usual disclosures of personal information of the kind collected;
- whether we are likely to disclose personal information to overseas recipients, and if practicable, the relevant countries in which they are located; and
- any other information we are required by law to provide to you.
How do we hold personal information?
We will hold personal information as either physical records, records on our servers, and in some cases, records on third party servers, which may be located overseas. We take reasonable steps to hold all hard copy and electronic records of personal information in a secure manner to ensure that they are protected from misuse, interference and loss, and unauthorised access, modification or disclosure. We have processes in place to destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
Purposes for which we collect, hold, use and disclose personal information
In general, members of the Group will collect, hold, use and disclose personal information for the purposes of providing or offering goods and services to our customers. By providing us with your personal information, you consent to us using and disclosing your personal information for the following purposes:
- providing goods and services to you;
- providing you with news and information about our products and services;
- sending you marketing and promotional material that we believe you may be interested in, either from any of our related entities or a third-party business which we consider may be of interest to you;
- personalising your experience with our products and services, for example, via connectivity with social media services;
- conducting competitions or promotions on behalf of us and selected third parties;
- allowing us to run our business and perform administrative and operational tasks;
- for job applicants, assessing your eligibility for employment within the Group; and
- disclosing that information to third parties (such as our agents, contractors and suppliers) to undertake the above purposes on our behalf.
You may opt out of receiving marketing and promotional material from the Group at any time.
There may be circumstances in which we are authorised or required by law to use or disclose your personal information. For instance:
- A number of laws require the provision of personal information to third parties, including the Corporations Act 2001 (Cth). The precise information required to be provided will vary depending on the circumstances requiring disclosure of that information; and/or
- We may also use or disclose personal information about you to avoid, lessen or prevent a serious emergency or crime. If we use or disclose personal information about you in those circumstances, we will make a written record of such use or disclosure.
We may disclose personal information between members of the Group (in the countries identified on our website). This could depend on the product or service and the Group member that you are dealing with. This enables us to have a complete understanding of you and your needs in connection with the product or services we are providing to our customers. We may also disclose personal information to third parties such as our suppliers, organisations that provide us with marketing, technical and support services, or our professional advisors, where permitted by the Privacy Act (or GDPR where applicable, see below).
Any disclosure that is required to be made to any third party will be made primarily for the purpose of providing or offering goods and services to our customers. If we disclose information to a third party, we generally require that the third party protect your information to the same extent that we do.
How do we handle credit information?
We sometimes provide products and services to our customers on credit. In the course of providing credit, we will sometimes collect certain credit information from individuals. Such credit information may include:
- identity and contact information about a customer or employee, director or trade reference of a customer;
- details about a person’s employment with, or directorship of, a customer (e.g. position title, length of service etc.);
- details of other credit arrangements including the relevant dates and applicable terms and conditions;
- details of previous credit applications including the amount and type of credit and credit limit; and
- details of any credit defaults, adverse court judgments or insolvency.
By providing us with your credit information, you consent to us using and disclosing your credit information for the following purposes:
- to assess relevant credit or guarantee applications;
- to monitor and produce assessments in relation to your credit worthiness;
- to review and manage your credit account;
- to obtain credit reports and disclose credit information to credit-reporting bodies; and
- to disclose credit reports to any solicitors and mercantile agents for enforcement and recovery purposes.
Under the Australian Privacy Act, individuals may request credit-reporting bodies not to use their credit-related personal information to determine their eligibility to receive direct marketing from credit providers and to not use or disclose their credit information, if they have been or are likely to be a victim of fraud.
Please see other sections of this Policy for further information regarding access, correction, complaints and how we generally handle personal information.
How can you access your personal information?
You have a right to request access to your personal information and to request its correction if it is out of date or incorrect. You may request access or correction at any time by sending a written request to our Privacy Officer. You do not need to provide a reason for your request for access to your personal information. We may charge a small fee for providing access to your personal information if it requires a significant amount of time to locate or collect your information or to present it in an appropriate form. We will not charge you to correct your personal information that we hold in our records.
We will respond to all requests for access to or correction of personal information within a reasonable time.
Please note there may be circumstances in which we are not able to provide you with access to your information, such as where the requested access will have an unreasonable impact upon the privacy of others or where we are required by law to withhold the information. If we are unable to provide you with access to your information, or make the amendments which you have requested, we will provide you with reasons for this decision (unless restricted to do so by law).
If you are an individual based in Europe and a Group entity offers or provides products or services to you, or has dealings with you in an employment context, the processing of your personal information will be subject to the GDPR and the following additional information applies.
The Group entity that you have contracted with is the data controller for the purposes of processing your personal information. We have a Privacy Officer who will also be appointed as a Data Protection Officer if we have a legal obligation to do so.
Our Legal grounds for processing: We rely on the following legal grounds to process your personal information:
- contract performance – we may collect and process your personal information to enter into a contract with you or to perform our obligations under a contract to which you are a party;
- if it is necessary to pursue our legitimate interests and does not override your rights and interests – this is the usual basis on which we carry our business for the purposes set out above and includes when we carry out research, conduct direct marketing or otherwise communicate with you;
- with your consent – where required, we will only use your personal information for the purposes for which you have given your valid or explicit consent. For instance, we need your consent to collect and use your sensitive information such as your health information or to send you direct marketing; and
- to comply with laws or regulations that apply to us including exercising our rights – we may use and process your personal information where we are required by applicable laws, regulations or codes.
Transfer of information outside Europe: If we or our service providers or one of our related entities transfers your personal information outside Europe or onwards to a third country from Australia, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. We will do this by one of the following:
- sending it to a country approved by the European Commission as having an adequate level of protection for personal information;
- the recipient has signed a contract based on standard “model contractual clauses” approved by the European Commission, requiring them to protect your personal information (see here);
- if the recipient is located in the US, it may be a certified member of the EU-US Privacy Shield scheme or another valid scheme; or
- obtaining your explicit and informed consent to the proposed transfer.
How long do we retain your personal information?
We retain your personal information for as long as necessary to provide our services and products to our customers, to comply with our legal obligations, resolve disputes, and enforcing our rights and policies.
Your additional rights and choices: In addition,
- erasure: You can ask us to erase your personal information without undue delay in certain circumstances such as if you withdraw your consent and we otherwise have no legal reason to retain it;
- restrictions of processing: You can object to, and ask us to restrict, our processing of your personal information in certain circumstances, such as while we verify your assertion the information is inaccurate or if we are processing your information for our legitimate interests or for direct marketing purposes (we may be legally entitled to refuse that request);
- data portability: You can, in some circumstances such as where we are processing your information with your consent, receive some personal information you have given us in a structured, commonly used and machine-readable format and/or ask us to transmit it to someone else if technically possible feasible;
- right to object: You can withdraw your consent (but we may be able to continue processing without your consent if there is another legitimate reason to do so); and
- right to complain: You can lodge a complaint with the relevant European data protection authority if you think that any of your rights have been infringed by us.
If we refuse any request you make in relation to your personal information rights, we will write to you to explain why and how you can make a complaint about our decision.
Cross Border Disclosures of Information
We may disclose your personal information to overseas recipients in the following circumstances:
- to any members of the Group that are located overseas;
- to our vendors and/or service providers who provide services to us (including direct marketing services), where such information may be processed and/or stored by our vendors and/or service providers on servers located in the United States of America; and
- any courts, tribunals and regulatory authorities that are based overseas, where disclosure is required by law.
Where practicable, we are required to provide the option for you to deal with us anonymously or under a pseudonym. This option will not be available where we are required or authorised by law to deal with individuals who have identified themselves, or if we need to verify your identity in order to provide products or services to our customers.
How to submit a query or complaint
If you have any queries or believe that we may have breached the Australian Privacy Principles, or failed to comply with this policy, you may direct your complaint to our Privacy Officer. We take all complaints seriously, and will respond to your complaint within a reasonable period. If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218,
Telephone: 1300 363 992
If you are an individual based in the EU, you may also have the right to make a complaint to the relevant data protection authority (for example in the place you reside or where you believe we breached your rights).
Our Privacy Officer can be contacted as follows:
93A Shepherd Street,
Phone 02 8399 7500