This Policy was last updated on 23/11/2018.
If you are located in the European Union (EU) (including the European Economic Area (EEA)), the section ‘European residents’ below provides further information about our processing of your personal data and your additional data subject rights in relation to the processing of your personal data under the EU General Data Protection Regulation (2016/679) (GDPR).
By voluntarily supplying us with your personal or credit information, you are agreeing to be bound by this Policy.
Collection of personal information
The type of personal information we may collect and hold about you includes, but is not limited to:
- information you provide to us at our request including your name and address and, when you use our web site, your domain name and e-mail address;
- financial information, including bank and cheque account details and credit card details, and information about your credit history;
- details about your purchases and orders from us and your product and services preferences;
- employer details;
- business details (including Australian Business Number (“ABN”);
- information you provide as part of using the software that we distribute; and
- if you apply for employment with us, details regarding your employment history, educational qualifications and similar information.
In addition, we may collect and hold the following credit information:
- identification information – name, date of birth, current or previous address, driver’s licence number;
- type and amount of credit sought;
- trade references – name of entity, ABN, contact name, telephone number, fax number, email, years trading with you; and
- publicly available information about an individual’s creditworthiness.
We collect, hold and disclose your personal and credit information for the following purposes:
- as a necessary part of providing our goods and services, including distributing software, to you;
- to promote and market our products and services to you or provide you with information that we believe may be of interest to you (unless as directed otherwise);
- to personalise and customise your experiences with our website;
- to help us research the needs of our customers and to market our goods and services with a better understanding of your needs and the needs of customers generally;
- inviting you to seminars and functions which we think may interest you;
- any other purpose to which you have consented; and
- other purposes related to any of the above.
We will only use your information for the purposes for which it was collected (“primary purposes”) or a purpose related to the primary purpose, if this use would be reasonably expected by you, or otherwise, with your consent.
If you do not wish us to use your information in any of the above ways, please contact us (see addresses under paragraph entitled “Contact us”).
Means of collection of personal and credit information
Your personal and credit information may be collected in a number of ways, including:
- directly by our staff when you seek, or enquire about, our services;
- when you use our website or complete a form on our website; or
- when you register and use our Sentek software products.
In some circumstances, where it is unreasonable or impracticable to collect information from you, we may collect information about you from a third party source. For example, we may collect information from a publicly maintained record.
In addition to the methods above, we may collect credit information from other credit providers, subject to any restrictions at law.
You need not provide all the information requested by us, but this may prevent us from providing some or all of our goods or services to you.
Accuracy and completeness of personal information
While we will endeavour to ensure that the personal information collected from you is up to date and complete, we will assume that any personal information provided by you is free from errors and omissions, is not misleading or deceptive and complies with relevant laws.
We rely on the personal information provided by you. We will not check or verify the accuracy of any personal information we obtain from you or other persons.
You should provide us with details of any changes to your personal information as soon as reasonably practicable following such change.
Distribution of your personal information
We do not permit the information we hold to be distributed to third parties unless:
- we consider it necessary to provide it to a third party who assists us to provide, manage and administer our goods and services;
- you have consented or requested your personal information to be provided to a third party; or
- we are required or permitted by law to provide information to a third party.
People we may disclose your information to include:
- third parties that provide goods and services to us or through us;
- third parties, such as marketing and digital agencies, who may send to you our e-newsletters on our behalf;
- our website host or software application providers; and
- other organisations listed as trade references in a credit application.
We may disclose your personal information to overseas third parties located in Africa, Asia, Europe, North America, South America and Oceania for the purposes of supplying our goods and services.
Quality, access to & correction of information
We will take appropriate steps to verify your identity (or verify that you act as an authorised agent of the individual concerned) before granting a request to access your personal information.
We will respond to your request for access to your personal information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. We will, on request, provide you with access to your personal information or update or correct your personal information, unless we are lawfully excluded from granting your request, including if:
- giving access would be unlawful;
- we are required or authorised by law or a court/tribunal order to deny access; or
- giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body.
Where your request for access is accepted, we will provide you with access to your personal information in a manner, as requested by you, providing it is reasonable to do so.
Your request for correction will be dealt with within 30 days, or such longer period as agreed by you. If we deny your request, we will provide you with a written notice detailing reasons for the refusal and the process for making a complaint about the refusal to grant your request.
We will accept your request for correction of your credit information where we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading.
Upon accepting a request for correction of your personal information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your personal information.
If your request for correction of credit information is accepted we will provide written notice of this correction to any entity to which we have disclosed this information previously, to the extent that this is practicable.
Storage and security
Your personal and credit information will be stored as physical files in a secured area, on our electronic data base system and on computers with appropriate back up and security systems. Your personal and credit information may also be stored on a number of third party cloud hosted websites including but not limited to Nutshell CRM, Mailchump and Gmail. Any personal or credit information which is collected via our website, or which is held on our computer systems, is protected by safeguards including physical, technical (including firewalls and SSL encryption) and procedural methods.
We take reasonable steps to hold information securely in electronic or physical form. We are committed to keeping secure the data you provide to us and we will take all reasonable precautions to protect your personally identifiable information from loss, misuse, interference, unauthorised access or alteration.
We aim to achieve this through:
- imposing confidentiality requirements on our employees;
- implementing policies in relation to document storage security;
- implementing security measures to govern access to our systems;
- only providing access to personal information once proper identification has been given; and
- controlling access to our premises.
When your personal and credit information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify it. However, most of the personal and credit information is or will be stored in client files which will be kept by us for a minimum of 7 years, unless as otherwise required by law.
- your server address;
- your top level domain name (for example, .com, .gov, .au etc);
- the date and time of your visit to the site;
- the pages you accessed;
- the previous site you have visited; and
- the type of browser you are using.
Every directly addressed marketing contact sent or made by Sentek includes a means by which you may unsubscribe (opt out) of receiving further marketing information. Additionally, you may instruct us at any time to remove any previous consent you provided to receive marketing communications from us. You may also change your marketing preferences regarding the type of material you will receive. Requests should be directed to Sentek Marketing Manager, email [email protected] or you can also call Sentek general enquires line on (08) 8366 1900.
Dealing with us anonymously
Where lawful and practicable to do so, you can deal with us anonymously or using a pseudonym. You can deal with us anonymously or using a pseudonym when making a general enquiry about the goods and services that we can offer to you including via telephone or our website.
At the time you seek a quote, or purchase our goods or engage our services, it is no longer practicable for you to deal with us anonymously or using a pseudonym.
Credit information notifiable matters
In accordance with our obligations under the Privacy Act, we set out the following notifiable matters in relation to any of your personal or credit information disclosed by us to a credit reporting body for the purposes of undertaking a credit check.
- In connection with the provision of credit, we may disclose your personal and credit information to the following credit reporting bodies (“CRB”) for the purposes of undertaking a credit check in relation to an application made by you.
National Credit Insurance
You may contact National Credit Insurance using the details set out below:
- via National Credit Insurance’s website at https://nci.com.au/; or
- phone: (08) 8228 4800.
- A CRB may include any of your personal or credit information, disclosed to it by us, in reports provided to other credit providers to assist other credit providers to assess your credit worthiness.
You may access a copy of a CRB’s policy about its management of credit information on its website as set out above.
- You have the right to make a request to a CRB not to use or disclose your credit reporting information:
- for the purposes of pre-screening of direct marketing by a credit provider; or
- if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.
- If you fail to meet any of your payment obligations under the terms of the credit that we provide to you, or if you commit a serious credit infringement, we may be entitled to disclose this to a CRB.
If you are an individual customer based in Europe and we offer or provide products or services to you the processing of your personal data will be subject to the GDPR and the following additional information applies. Individuals residing in the EU, have certain rights as to how personal data is obtained and used. We comply with the principles of data protection set out in the GDPR.
We collect, store and process personal data where there is a lawful basis to do so. The legal basis for which we collect your personal data depends on the data we collect and how we use it. This includes:
- contract performance – we may collect and process your personal information to enter into a contract with you or to perform our obligations under a contract to which you are a party;
- if it is necessary to pursue our legitimate interests and does not override your rights and interests – this is the usual basis on which we carry our business for the purposes set out above and includes when we carry out research, conduct direct marketing or otherwise communicate with you;
- with your consent – where required, we will only use your personal information for the purposes for which you have given your valid or explicit consent. For instance, we need your consent to collect and use your sensitive information such as your health information or to send you direct marketing; and
- to comply with laws or regulations that apply to us including exercising our rights – we may use and process your personal information where we are required by applicable laws, regulations or codes.
We do not collect or process any personal data from you that is considered “sensitive data” under the GDPR unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
Where we employ data processors to process personal data on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.
- to be informed how your personal data is being used;
- access your personal data;
- to correct your personal data if it is inaccurate or incomplete;
- to delete your personal data (the right to be forgotten);
- to restrict processing of your information;
- to retain and reuse your personal data for your own purposes;
- to request details of personal data that we hold about you;
- to object to your personal data being used; and
- to object against automated decision making and profiling.
As mentioned in above, sometimes we will transfer or disclose information to third parties including to persons and businesses outside Australia. These third parties may include businesses or persons in Africa, Asia, Europe North America, South America and Oceania. Data transfers are made in order to assist us to provide you with, and/or to improve, the products and services we offer you. If we transfer information to persons outside Australia, we take reasonable steps to ensure that the recipients of such information do not breach the Australian Privacy Principles, and where appropriate the GDPR, in relation to that information by entering into binding contractual arrangements with such third parties.
In the event of a data breach, we are committed to complying with the requirements of all Australian Privacy Laws and where required, the provisions of the GDPR. If we detect a high risk data breach, we will notify you without undue delay and help guide you through steps to ensure better protection.
Our Privacy Officer will consider your complaint and respond as soon as reasonably possible, but not more than 30 days from receiving the complaint.
If you are unsatisfied with the outcome of your complaint you may refer your complaint to the Office of the Australian Information Commissioner to be resolved.
If you wish to:
- gain access to your personal information;
- make a complaint about a breach of your privacy;
- contact us with a query about how your information is collected or used;
- contact us regarding any other matter concerning this Policy,
you can speak directly with our staff who will do their best to try to resolve your issue as simply as possible. Alternatively, you can write to us or send us an email so that our Privacy Officer can consider the matter. We will respond to you as soon as reasonably possible.
Our Privacy Officer can be contacted as follows:
Sentek Pty Ltd
77 Magill Road
Stepney, SA 5069
Telephone: (08) 8366 1900
Facsimile: (08) 8362 8400
E-mail address: [email protected]