Search

Information Privacy and Security Policy

Purpose

The purpose of this policy is to meet obligations of MyEcoBag®️ under the Privacy Act 1988 in regard to the collection, management and disclosure of customer personal information.

Scope

This policy extends to all Company employees, contractors, agency staff and interns. This policy covers all personal, private, sensitive and health information (known collectively as ‘Personal Information’) held by Company. ‘Personal Information’ refers to an individual, i.e. a natural person and includes Customers, Company employees, commercial / private contractors and agency staff. Personal information cannot be about a corporation or other form of legal person.

Policy Statement

The responsible handling of personal information is a key aspect to good governance practice and is essential to protecting an individual’s right to privacy.

Company is committed to full compliance with its obligations under Privacy Act 1988 and the Australian Privacy Principles (APPs).

Policy Principles

Company will:

  • Only collect and hold personal information that is necessary for its functions and activities, or required to be collected by law.
  • Collect personal information about an individual directly from that individual, if it is reasonable and practicable to do so.
  • Inform the individual about their privacy rights / obligations under the Privacy Act 1988 or any other Act, including the purposes for which the information is being collected.
  • When collecting information about an individual from someone else, take reasonable steps to make the individual concerned aware.
  • Only disclose information it has collected for the purpose for which it was collected or in accordance with the Privacy Act 1988, or where the use or disclosure is specifically authorised by law or any other Act or Regulation.
  • Use or disclose information for law enforcement purposes to assist in the investigation of an unlawful activity that has been committed, being committed or in reporting concerns of the unlawful activity to the relevant authority.
  • Use or disclose information where necessary to lessen or prevent a threat to the life, health, safety or welfare of an individual or group.
  • Endeavour to maintain a secure system for storing information under the condictiones required under the Act.
  • Dispose of information where it is no longer necessary to fulfil the purposes for which the information was collected, or as required by law.
  • Deal with all customer request to update inaccurate, incomplete or out of date information in accordance with the relevant Acts.
  • Give individuals the option of not identifying themselves when supplying information or entering into transactions with the Company, where lawful and practicable.
  • Elect to de-identify information by assigning a number to an individual or group, in those instances where it is reasonable for the Company to do so, and where it is not likely to impact on Company’s ability to perform its duties and functions effectively.
  • Ensure that staff managing personal information are trained and are competent commensurate with their roles and responsibilities.
  • Company’s commitment that breaches / non-conformances are dealt with in a confidential and thorough manner.

 

What is Personal Information

The Privacy Act 1988 defines personal information as: Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and, whether the information or opinion is recorded in a material form or not.

Information must be about an individual that is, a natural person, e.g. Customers, Company employees, commercial / private contractors and agency staff.

It cannot be about a corporation or other form of legal person as they cannot have “personal information”.

Examples of personal information include:

Factual information

  • A person’s name, address or telephone number, date of birth, gender identity, age, financial details, marital status, education or employment history.

Sensitive information

  • Sensitive information is a type of personal information that encompasses deep and delicate information about someone.

It includes data about ethnic origin, religious belief, sexuality, political affiliations, genetic information, health information, biometric information, membership to trade unions and criminal records.

Health Information

Health Information is another type of personal information and includes individual health disabilities, allergies, injuries and more. Health information can also be considered as sensitive personal information.

Tax Information

Tax information can be considered personal information and should only be disclosed as required by a relevant agency.

Payment Card Information

Credit card information is also personal information, as the information on it is identifiable to a living individual. Fraud and identity theft are the result of credit card data breaches exposing this personal data.

 

Opinions and recordings

  • The information or opinion must be recorded in some form (which includes both electronic and written forms). This includes recorded personal information in forms including film, video, still photography, audio and digital formats like the information stored on computer hard disks, USB drives, compact discs and closed-circuit television (CCTV).
  • Personal information recorded on mobile devices including telephones with text or image capabilities and devices like hand held computers.

External Contractors

While information is usually handled by Company staff, Company may outsource some of its functions to third party organisations. This may require the third party to collect, use or disclose certain information (e.g. cleaning or health information). It is Company’s intention to require all contractors to comply with the  Privacy Act 1988 in all respects.

 

Management of Information

  1. COLLECTION OF PERSONAL INFORMATION

The Company will only collect personal information that is necessary for carrying out its activities, and where reasonable and practicable, collection will be from you directly.

Company does this in a variety of ways, including, but not limited to:

  • During conversations between you and our representatives (face to face or via telephone or video call).
  • When you access and interact with our websites, social networking platforms.
  • When you make an enquiry, provide feedback or complete an application

form (online or in hard copy).

  • From other sources.

(a) Types of information collected by the Company

Personal information collected typically includes, but is not limited, to the following:

  • Name (first name, middle name, initial, surname).
  • Address (residential, postal and / or e-mail).
  • Telephone number (work, home or mobile).
  • Signature.

(b) Creating a single customer record

The company records customer information in its ERP system, compiling and maintaining a secure central customer record for each customer. Your central customer record will contain your current contact details and the history of your contacts with the Company.

This information will be made available to relevant Company officers and service providers for the purpose of responding to customer service requests or any other directly-related purpose.

If you do not want to have a single customer record with the Company, you can choose to opt-out of this process by calling Company on (03) 85666800, lodging an opt-out request email to info@secosgroup.com.au.

 

(c) Photographs

Company takes photographs on Company premises and also in public places. These photographs may be used for publicity purposes.

Before taking photographs to be used for publicity purposes, Company will seek consent (if practicable) from individuals to take and use the photograph(s). Where feasible, this consent will be obtained in writing, using a specific consent form designed for this purpose. However, on certain occasions verbal permission may be applicable.

(d) Online payments

Members of the public are able to make payments online when transacting with Company. The online payment service uses a PCI-DSS (Payment Card Industry Data Security Standards) compliant payment gateway service to collect the credit card details and process payment for Invoices or accounts. Company does not collect or hold credit card information for these payments.

  1. USE AND DISCLOSURE OF INFORMATION

Company will take all necessary measures to prevent unauthorised access to, or disclosure of personal information. Company will not use or disclose your personal information other than for:

  • The primary purpose for which it was collected.
  • A directly related secondary purpose where the individual would reasonably expect the organisation to use or disclose the information for the secondary purpose;
  • In accordance with the Privacy Act 1988 or any other legislative requirements.
  • Authorised or required by law;

Example: Court Order or Subpoena. A Court Order or Subpoena is a legal document issued by the Court which compels a Company staff member to give evidence at a hearing and / or the Company to produce documents in its possession to the Court.

  • For another purpose where the individual concerned has consented or where it is considered reasonable to do so.

Organisations to which Company may disclose personal information may include,

but limited to, the following: The Ombudsman, Office of the Victorian Information Commissioner, debt collection agencies, insurers, legal advisors, contracted service providers, printer and mailing services, Federal and State Government agencies, law enforcement agencies and courts,

  1. DATA QUALITY

Company will endeavour to ensure that the personal information it holds is accurate, complete and up to date.

Company will systematically append and / or update any new personal information you provide to your existing customer record. This ensures that your customer record is complete and up to date.

  1. DATA SECURITY

Company will take all necessary steps to ensure that personal information is stored safely and securely to protect it from misuse, loss, and unauthorised modification and disclosure. This applies to all format types including print and digital in which the information is held.

Refer to SECOS Group Cyber Security Policy and SECOS Group Data Security Policy.

 

  1. ACCESS AND CORRECTION OF INFORMATION

A person is entitled to seek access to their personal information, except in specific circumstances as outlined within the Privacy Act 1988, or seek access to correct or amend a document containing their personal affairs information, where they believe the information is inaccurate, incomplete, out of date, or would give a misleading impression.

As documents in the possession of Company are subject to the FOI Act, access to, or correction of personal affairs information is managed under the FOI Act.

For details on how to make an application under the FOI Act to access your personal affairs information, please email info@secosgroup.com.au

  1. ANONYMITY

Where lawful and practicable, the Company will offer members of the pubic the option of remaining anonymous as part of a transaction with the Company.

However, as anonymity may limit Company’s ability to process a complaint or other matter, Company reserves the right to take no action on any matter where you choose not to supply relevant personal information so that it can perform its functions.

Privacy Complaints

Individuals who feel aggrieved by Company’s handling of their personal information are encouraged to contact Company’s Privacy Officer. Company treats all complaints seriously and will try to resolve them fairly and quickly.

A complaint will be acknowledged within two business days and will be investigated as soon as practicable. You will be provided with a written response within 30 days of the date your complaint is received by Company.

Please submit your complaint to:

Chief Financial Officer

SECOS Group Ltd.

Phone: (03) 8566 6800

E-mail: info@secosgroup.com.au

Where a complainant is not satisfied with the decision of the Company’s Privacy Officer you may apply to – Office of the Victorian Information Commissioner

Post: PO Box 24274, Melbourne VIC 3001

Telephone: 1300 00 6842 (1300 00 OVIC)

Website: https://ovic.vic.gov.au

Email: enquiries@ovic.vic.gov.au

My cart
Your cart is empty.

Looks like you haven't made a choice yet.