“Personal Information” has the meaning as set out in the Privacy Act and is any sort of information or opinion about an individual, whether true or not.
We are committed to ensuring the proper, open and transparent management and use of all Personal Information we collect and handle in accordance with applicable privacy laws, including the Australian Privacy Principles.
All our employees and contractors have responsibilities in respect of this Information Privacy and this policy, which will be regularly communicated.
Management of Personal Information
- The kinds of Personal Information that we collect and hold;
- How, and the purposes for which, we collect, hold and use Personal Information;
- Who we disclose Personal Information to;
- How you may access Personal Information about yourself that we hold and seek the correction of such information;
- How you may complain about a privacy issue or alleged breach of the Australian Privacy Principles and how we will manage such a complaint;
- Whether we are likely to disclose Personal Information to overseas.
Collection and Storage
We will only collect Personal Information that is necessary for our functions and activities. We will only collect Personal Information by lawful and fair means and not in an obtrusive way.
We collect and hold different categories of information depending on the nature of your interaction with us.
Employees, Contractors, Suppliers and Customers
We generally collect Personal Information directly from our employees, contractors, customers and suppliers. Depending on the nature of your interaction with us, this Personal Information may include names and contact details so that we can contact them. For employees and contractors we may also collect certain sensitive information, such as a tax file number, next of kin name and contact details, banking and superannuation details, remuneration details, employment checks (reference checks, Police Checks, Working with Children Checks, etc.), injuries and attendance records.
The purpose of collecting such information is so we can meet our employer obligations (such as payroll and making superannuation contributions), to contact next of kin in an emergency, and to ensure that our people (employees and contractors) have the skills, experience, qualifications and clearances required to perform services for us and our customers.
All Personal Information about employees and contractors will be held securely with restricted access and password protected files.
We may also collect feedback and information from third parties relating to our employees, contractors and suppliers’ performance of services for us. This information is collected for the purposes of monitoring our contractors and suppliers’ performance of services and to ensure that we are able to provide the highest quality products and services to our customers.
If you apply for a position at RedBear IT we may collect your name, contact details and any information that you have provided us as part of your job application. This may include information contained in your CV, your driver’s license and/or passport. We may also collect Personal Information relating to you from third parties you have identified as referees or references in your job application.
We may also require you to undertake criminal record check (“Police Check”), Working with Children Check and/or other pre-employment checks that are required for either ours or our customer requirements. This information is solely used for the purposes of determining your suitability for the role that you have applied for.
Customers and their employees
When you become a customer we may collect Personal Information from you such as your name, contact details and bank account details. All customer Personal Information collected by us is solely used for our business functions and activities. It may be used for the following purposes:
- For billing purposes (e.g. invoicing) and order fulfilment;
- To contact you in relation to our provision of services to you;
- To respond to your requests, enquires, complaints and/or other customer service related activities;
- To maintain your account details;
- To provide technical support – for example, account creation, password reset;
- To provide you with information in relation to our products, services or other information that you may have requested;
- To streamline and personalise your experience while dealing with us;
- To undertake customer satisfaction surveys and to tailor our information, services or products in order to improve and enhance those services and products provided to the customer.
We may also collect from our customers Personal Information relating to its employees and customers; for example, payroll information. This Personal Information is solely used so that we can facilitate provision of the services our customers have requested.
We may use de-identified Personal Information derived from our customers and our customers’ employees and customers use of our products and services in order to collect anonymous demographic and customer usage information. We will then use this anonymous, aggregated information to develop new and or more appropriate services and products to offer to our customers.
Quality of Personal Information
We will ensure, to the extent reasonably possible, that Personal Information collected, used or disclosed is accurate, up-to-date, complete and relevant. If we become aware that any of the Personal Information, we hold is inaccurate we will take prompt steps to update our records so that those records are correct.
If you believe the information we hold is in-accurate, not up-to-date, incomplete or irrelevant, you can ask us to correct the information. Refer to the “Access and Correction of Personal Information” section below.
Data and Security
We take active measures to ensure the security of Personal Information we hold against misuse, interference, loss and unauthorised access, modification or disclosure.
All Personal Information is stored at secure premises. Electronic Personal Information is stored using the highest quality data management tools and IT security systems and controls including passwords and firewalls.
When we no longer require Personal Information, it is securely destroyed and disposed of.
Access to Restricted Information
Our employees and or contractors, during the course of their employment or engagement, may have access to Restricted Personal Information about our Customers in the course of working on our Customers’ IT Systems.
Restricted Personal Information includes but is not limited to:
- Personal Information our Customers hold about their customers and/or clients
- Criminal Records, such as criminal convictions, spent criminal convictions, and other corrective services records
- Personal Information about children and children-at-risk
- Personal Information which is protected at law by the Privacy Act and/or other Prior to being granted access to IT Systems that contain such Restricted Personal Information, we require relevant employees to undergo Police Checks and other Checks (such as a Working with Children Check) to ensure there is not a prohibited reason that prevents them from being in contact with such Restricted Personal Information.
Under no circumstance is such Restricted Personal Information permitted to be used, disclosed, collected, stored or illegally accessed by our employees. Nothing in this policy gives permission to employees to breach the privacy of such Restricted Personal Information.
We take breaches or suspected breaches of such information privacy very seriously, and not just as a breach of this policy but as a breach of relevant legislation. As a result, any breach or suspected breach of policy and/or legislation will be treated as such, with immediate referral to relevant law enforcement authorities for investigation, and or disciplinary action, up to and including termination of employment may result.
We will only engage in direct marketing practices in accordance with the law. At any time an individual or organisation may contact firstname.lastname@example.org to request that it no longer receives any marketing material or information from us.
Disclosure and Retention of Personal Information
As part of providing our services, we may disclose Personal Information to third party suppliers and contractors of services, banks or other financial institutions, and to customers. In these cases, we expect these organisations to protect the privacy of that Personal Information.
In particular, if a customer requires us to provide Personal Information about our staff (employees and contractors) who will be providing services to our customers (for example, Police Clearance Certificates, Working with Children Checks, professional experience/qualifications), this Personal Information is subject to the relevant customer signing a Non-Disclosure Agreement about the collection, use, storage and retention of such Personal Information.
Other than in the cases outlined above, we will not disclose Personal Information to any other third party unless we have reasonable grounds to believe:
- The individual has authorised the disclosure;
- The safety of the individual, or the safety of others in the community is at risk;
- we are required or permitted by law to do so (includes responsibilities related to statutory reporting and preventing breaches of the law).
As a provider and user of cloud services, we retain Personal Information on servers within Australia.
We will store any personal information provided to us, or which we obtain about you, with any other personal information we may hold about you, which shall include but is not limited to the use of paper files, electronic files and databases.
We will take all reasonable steps to ensure that no person or entity, including any overseas entity, breaches any privacy laws applicable either locally, or in the country where the entity is located.
We only retain Personal Information for as long as required by law and needed for our business functions and activities. It is then securely destroyed and disposed of.
Accessing our websites will result in some information being logged including the time of access, your IP address and the pages that have been viewed or accessed.
Our websites may contain links to external websites. We are not responsible for the content or privacy policies that govern such external websites. Our website uses Google Analytics. You can understand how Google uses your data at https://policies.google.com/technologies/partner-sites.
Access and Correction of Personal Information
Subject to verification of your identity, if we hold Personal Information about you, you may make a request to access, update or correct this Personal Information.
Access and correction requests should be made in writing to one of the contact addresses below.
We will endeavour to respond to written requests for access and correction of Personal Information within 10 business days after a request is received by us, unless extenuating circumstances exist.
We will take all reasonable steps to ensure that Personal Information is accessed by employees/contractors only to the extent necessary for us to undertake our business activities.
All complaints relating to the handling and management of Personal Information by us or any breach of the applicable privacy laws, including the Australian Privacy Principles should be addressed to one of the contact addresses below.
In order to deal with complaints appropriately, please include the information listed below together
with your complaint:
- a summary of the privacy concern or alleged breach;
- any action, or inaction, we have taken, or failed to take, regarding the matter;
- copies of any relevant documentation in connection with the complaint, including any communications that we have had with you.
Our Privacy Officer will investigate the complaint, and, if necessary, may refer the complaint to the relevant department that the complaint relates to or refer the complaint to an external investigator contracted by us. We will endeavour to respond to complaints within 20 business days unless extenuating circumstances exist.
We will take immediate steps to redress proven privacy concerns or breaches.
If you are not satisfied with our response and your complaint relates to a privacy concern or alleged breach, you may take your complaint to the Office of the Australian Information Privacy Commission (Telephone: 1300 363 992).
This policy can be viewed on our website at www.redbearit.com.au
You can also request a copy of this policy from one of the contact addresses below.
The Privacy Officer RedBear IT
PO Box 13138