I. Introduction
This website is owned and run by Hamelin Brands Pty Ltd. Hamelin respects the privacy of every individual who visits any of its websites. We have reviewed our policies and procedures that affect the way we collect, store and use your personal information to make sure that we comply with the Australian Privacy Principles (‘APPs’) applicable since amendments to the Privacy Act 1988 came into effect on 12 March 2014.
II. Scope of this policy
This policy specifically addresses and is applicable to the collection, dealing, access and integrity of personal information. It must be noted that not all information collected is personal information. Information from which an individual’s identity can be derived is personal information. De-personalised or aggregated data which masks the identity of an individual is not personal information.
III. The Australian Privacy Principles (APPs)
The APPs are structured to reflect the lifecycle of personal information and are grouped into five parts, namely:
Part 1 – Consideration of personal information privacy
APP 1 – Open and transparent management of personal information
APP 2 – Anonymity and pseudonymity
Part 2 – Collection of personal information
APP 3 – Collection of solicited personal information
APP 4 – Dealing with unsolicited personal information
APP 5 – Notification of the collection of personal information
Part 3 – Dealing with personal information
APP 6 – Use or disclosure of personal information
APP 7 – Direct marketing
APP 8 – Cross-border disclosure of personal information
APP 9 – Adoption, use or disclosure of government related identifiers
Part 4 – Integrity of personal information
APP 10 – Quality of personal information
APP 11 – Security of personal information
Part 5 – Access to and correction of personal information
APP 12 – Access to personal information
APP 13 – Correction of personal information
The key aspects of the APPs are summarised herein below:
a) Openness: An organisation must have a policy document outlining its information handling practices and make this available to anyone who asks for it. It must also manage personal information in an open and transparent manner. (APP 1)
b) Anonymity and Pseudonymity: A customer should be able to be anonymous when conducting transactions, if practicable and legal. (APP 2)
c) Collection: An organisation may only collect personal information that is reasonably necessary for one or more of its activities and the collection must be lawful and fair. A person must be given certain prescribed information at the time of collecting information from them. (APP 3)
d) Dealing with Unsolicited Personal Information: Under APP 4, should an organisation receive unsolicited personal information, it is required to (within a reasonable period after receiving such information) determine whether it could have collected such information and:
• if the organisation could not have collected such personal information, then it should destroy such information should it be reasonable and lawful to do so; or
• in other circumstances, notify the individual concerned of the receipt of such information and then use, disclose and deal with such information (under APPs 5 to 13).
e) Notifying the collection of Personal Information: Either before or at the time of collecting personal information, or as soon as practicable after collecting such information, an organisation must notify the individual of the identity of the organisation collecting such information, the circumstances in which it collects such information, the fact that such information is collected under a legislative requirement and such other purposes as stated in APP 5. (APP 5)
f) Use and Disclosure: An organisation must only use or disclose personal information for the primary purpose of the collection or a related secondary purpose which a person would reasonably expect or with the individual’s consent. (APP 6)
g) Direct Marketing: An organisation must not use or disclose personal information that it holds for the purposes of direct marketing, subject to certain exceptions. (APP 7)
h) Cross-border Data Flows: Personal information should not be transferred to countries which do not have equivalent data protection. Reasonable steps must be undertaken to ensure that the overseas recipient does not breach the APPs. (APP 8)
i) Use of Government Identifiers: An organisation must not use or disclose a prescribed identifier (for instance, a Medicare number or Tax File Number) as a method of identifying a person for their records. Permitted general exemptions do apply where the use or disclosure of the specific government related identifier is possible by an organisation. (APP 9)
j) Information Quality: An organisation must take reasonable steps to ensure the relevance, accuracy and completeness of its information records in relation to personal information. (APP 10)
k) Information Security: An organisation must take reasonable steps to protect the personal information it holds from misuse, interference, loss, unauthorised access, modification or disclosure. (APP 11)
l) Access: Access to personal information must be made available on request to the individual, unless it is prevented from doing so under the APPs. (APP 12)
m) Correction: An organisation must correct personal information it holds, having regard to the purpose for which it holds such information, to ensure that it is accurate, complete, relevant and not misleading. (APP 13)
Sensitive Information: An organisation can only collect and use sensitive information with the individual’s consent. We generally do not collect or use sensitive information, other than for the purposes of direct marketing (see section on ‘direct marketing’ below).
IV. Collection of Personal Information
We will only collect information that is necessary for us to establish and maintain contact with you including your personal name, your company name, your State/Territory, your email address and type of business.
If you provide information about yourself by subscribing to an email newsletter, by filling out an online survey, by participating in an online promotion or otherwise by telling us about yourself or your activities, we will collect that information for our own use.
V. Hold, Use and Disclosure of Personal Information
We consider your personal information as confidential and any information you choose to provide will only be used for the purpose for which it was provided. We will not use or disclose (share, sell or divulge) any of your personal information to third parties unless we have informed you, have been authorised by you or unless the use or disclosure is:
• Required or authorised by or under law; or
• Otherwise permitted under the Privacy Act (see exceptions below).
Your data may be used in order to:
• Verify your identity;
• Assist you to subscribe to our newsletter or to provide you with other products or services;
• Administer and manage those services including charging, billing and collecting debts;
• Make changes to your profile;
• Research and develop our products and services;
• Maintain and develop our business systems and infrastructure, including testing and upgrading of those systems;
• Respond to any queries or feedback you may have.
VI. Unsolicited Personal Information
Any unsolicited personal information that may be obtained will be dealt with in accordance with APP 4 and will be destroyed by us, unless we are required by law or circumstances exist for us not to de-identify or destroy such information.
VII. General Exceptions to the collection, use or disclosure of Personal Information
The information handling requirements imposed by some APPs do not apply if a ‘permitted general situation’ exists. This exception applies in relation to the following:
• collection of sensitive information (APP 3)
• use or disclosure of personal information (APP 6 and 8); and
• use or disclosure of a government related identifier (APP 9).
There are seven permitted general situations pursuant to section 16A of the Privacy Act 1988:
a) lessening or preventing a serious threat to the life, health or safety of any individual, or to public health or safety [refer to APP 3.4(b), 6.2(c), 8.2(d) and 9.2(d)]
b) taking appropriate action in relation to suspected unlawful activity or serious misconduct [refer to APP 3.4(b), 6.2(c), 8.2(d) and 9.2(d)]
c) locating a person reported as missing [refer to APP 3.4(c), 6.2(c) and 8.2(d)]
d) asserting a legal or equitable claim [refer to APP 3.4(c) and 6.2(c)]
e) conducting an alternative dispute resolution process [refer to APP 3.4(b) and 6.2(c)]
f) performing diplomatic or consular functions – this permitted general situation only applies to agencies [refer to APP 3.4(b), 6.2(c) and 8.2(d)]
g) conducting specified Defence Force activities – this permitted general situation only applies to the Defence Force [refer to APP 3.4(b), 6.2(c) and 8.2(d)]
VIII. Direct Marketing and Personal Information
Unless exempted under law and APP 7, should we be permitted to use or disclose your personal information for any direct marketing activity, which involves the use or disclosure of your personal information to communicate directly with you as an individual to promote our goods and services, we will always provide you with an option not to receive such direct marketing communications (also known as ‘opting out’) and shall comply with that request. In the absence of opting out, you consent to us using your personal information for our direct marketing activities.
IX. Quality and Access to Personal Information
We will endeavour to ensure that all data collected on you is accurate, relevant, complete and correct. If you wish to review, update or remove any personal information you have submitted, please contact our Privacy Officer as provided below.
You can also request that we delete your personal information by following the link provided in our newsletter. We will make a reasonable effort to delete your personal information once you unsubscribe and you will no longer receive any further correspondence from us, including our newsletter.
However, we may be restricted from providing access to an individual’s personal information under certain circumstances (refer to APP 12.3 from the Office of the Australian Information Commissioner www.oaic.gov.au).
X. Security of Personal Information
We use a variety of physical and electronic security measures including restricting physical access to our offices, firewalls and secure databases to keep personal information secure from misuse, loss or unauthorised use or disclosure.
Your data is collected only to assist us with your enquiry and is stored in a secure database. Information stored on computer is password protected and only accessible by authorised staff informed of the importance we place on protecting your privacy and their role in helping us to do so.
We will destroy or delete your personal information once it is established that we have no further use for it.
Please note that the Internet is not a secure environment. If you send us information, including your email address, it is sent at your own risk.
XI. Use of Cookies
We are committed to full compliance with the APPs in all aspects of our dealings with you. However, we are not responsible for the content of any other web site that you may access to or from this site. A company linked through our web site may, by the use of cookies, collect information if you access their site.
A ‘cookie’ is a small file sent to your computer and stored in the memory of your browser. Cookies cannot access and read files on your hard drive and cannot be used as a virus. Due to the way the Internet operates, we cannot control this collection of data. Most Web browsers are initially set up to accept cookies. You can set your browser to refuse all cookies or to notify you each time a cookie is sent to your computer. For more information on disabling cookies please visit www.microsoft.com/info/cookies.htm.
By using our Web site, you consent to the collection and use of your personal information as outlined in this Policy.
During your visit to our web site, we may leave a cookie in the memory of your web browser storing non-personal information used to identify you as a unique user, such as your server address, date and time of your visit and any pages viewed. This data remains anonymous and we do not link it to any other personal information. We may use this information to build up a customer profile about you which allows us to personalise our service and provide offers or marketing materials which may be of interest to you.
XII. Use of Identifiers
We do not use Commonwealth identifiers (such as your Tax File Number, Medicare number, etc) as a means of identifying the personal information that we have collected about you, save as required and permitted under law.
XIII. Children’s privacy
While we do not actively seek to gather data from children (a person under the legal age of 18 years), there may be circumstances where they, of their own volition, provide data through social media sites (for instance, Facebook or Twitter). We would encourage parents and guardians to provide adequate protection measures to prevent children from providing information unwillingly on the internet. If we are aware of any data that we have collected about children without their consent, we will endeavour to delete it.
XIV. Anonymity & Pseudonymity
You can visit our web site and find out about our products or services without giving us any personal information about yourself. You may also deal with us using a pseudonym.
Kindly note that as per law, your right to deal with us anonymously or pseudonymously is restricted where we are required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves. Further, if we are required by a law or order to deal only with an identified individual it will be necessary for you to provide us with adequate identification.
Your right is also restricted if it is impracticable for us to deal with you directly as an individual that has not identified yourself, for instance, where we might be required to deliver goods to you as an individual at a designated address, or in instances of dispute resolution.
XVI. Complaints
If you wish to gain access to, correct or delete your personal information, or if you have a complaint about a breach of your privacy or you have any query on how your personal information is collected or used, please forward your request, complaint or query to the address below. Our Privacy Officer will investigate your concerns and will respond to you in writing (usually within 30 days).
XVII. Changes to this Privacy Policy
We may amend this Privacy Policy as our business requirements or the law changes. Any changes to this Privacy Policy will be updated on our Web site, so please visit this Web site periodically to ensure that you have our most current privacy policy.
XVIII. Our Contact Details
Hamelin Brands Pty Ltd
Attention: The Privacy Officer
Level 6, 91 Phillip Street
Parramatta NSW 2150
Australia
Phone: 1300 655 667
Email: customersupport.au@hamelinbrands.com
XIX. Further Information
For further information about Australian privacy issues, please visit the website of the Office of the Australian Information Commissioner at www.oaic.gov.au/privacy/applying-privacy-law/app-guidelines/.