GDPA MEMBER COMPLIANCE POLICY

ACE BODY CORPORATE MANAGEMENT SOUTH YARRA

HEREIN REFERRED TO AS THE (ENTITY)


Since 1st September 2020

CERTIFICATION NUMBER: 80342

We are 100% committed to protecting your data, the same way we wish our own personal data to be protected by others. If you have any concern, please reach out to us. Our policy herein is designed to meet our local Data Privacy Regulation, including regulations of other jurisdictions where applicable. Should you find any aspect which does not meet our obligation towards you, please feel free to let us know via the Communication Options provided at the end of this page and we will address the matter accordingly.


COMPLIANCE POLICY

We are committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

A summary of the Australian Privacy Principles can be found below. A full copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au.

Information on this site is provided for Australian residents only.

Our compliance policy provides you with details of how we collect and process your personal data via our ONLINE/OFFLINE Channels (referred to as our OOC) which include:

website: https://branchlocator.acebodycorp.com.au/state/vic/south-yarra

and

This policy incorporates our obligations to comply with privacy regulations on how we collect and process your personal data via OFFLINE methods which include: face to face physical presence; sending physical hard copy data/information via traditional postal services / courier (air/sea/road) and all other applicable offline methods.

By providing us with your data, you warrant to us that you are over 16 years of age. If you are not over the age of 16, please provide parental consent.

We the ENTITY are the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this policy).

APP1 Open and transparent management of personal information: Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.

APP2 Anonymity and pseudonymity: Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.

APP3 Collection of solicited personal information: Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.

APP4 Dealing with unsolicited personal information: Outlines how APP entities must deal with unsolicited personal information.

APP5 Notification of the collection of personal information: Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.

APP6 Use or disclosure of personal information: Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.

APP7 Direct marketing: An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

APP8 Cross-border disclosure of personal information: Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.

APP9 Adoption, use or disclosure of government related identifiers: Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

APP10 Quality of personal information: An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

APP11 Security of personal information: An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.

APP12 Access to personal information: Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

APP13 Correction of personal information: Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.

The provisions of this section include where we the Entity shall:

A) Apply this policy to all personal information processed by us.

B) Be solely responsible for the ongoing compliance as defined in this policy.

C) Review this policy at least once per year.

Personal Information is information or an opinion that identifies an individual.

This privacy notice provides you with details of how we collect and process your personal data through your use of our sites as defined in section 1: INTRODUCTION, including any information you may provide through our sites when you purchase or enquire about a product or service, sign up to our newsletter or take part in a prize draw or competition.

By providing us with your data, you warrant to us that you are over 16 years of age.

Personal Information

The types of personal information we generally collect include but are not limited to:

  • Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender
  • Contact Data may include your billing address, delivery address, email address and telephone numbers
  • Financial Data may include your bank account and payment card details.
  • Transaction Data may include details about payments between us and other details of purchases made by you.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

We will not ordinarily ask you to provide sensitive information. We will only collect sensitive information in circumstances where:

  • It is reasonably necessary for one or more of the services we provide or functions we carry out
  • You consent to the collection of the information
  • We are required or authorised by law to collect the sensitive information

How we collect personal information

We will, if it is reasonable or practicable to do so, collect your personal information directly from you.

Sometimes we will collect personal information from a third party or a publicly available source. For example, we may need to collect personal information from a credit reporting agency, your legal adviser or your past or current employers. We don’t guarantee website links or policy of authorised third parties.

We collect data about you through a variety of different methods including:

  • Direct interactions: You may provide data by filling in forms on our site (or otherwise) or by communicating with us in person, by post, phone, email or otherwise, including when you:
      • order our products or services
      • create an account on our site
      • subscribe to our services or publications
      • request resources or marketing be sent to you
      • enter a competition, prize draw, promotion or survey
      • give us feedback.
  • Automated technologies or interactions: As you use our sites, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. For further details regarding cookies, please see the cookies tab below.

How we use personal information

We will only use your personal information for the primary purpose for which it was initially collected, or for purposes which are directly related to one of our functions or activities. The most common uses of your personal data are:

  • Providing our services to you
  • Providing information to you and marketing (refer to direct marketing tab)
  • Executing a contract between us
  • Complying with a legal or regulatory obligation

We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Like many other businesses in Australia, we may rely on third party suppliers or contractors to provide specialised services such as web hosting, cloud computing technology and data storage services. If personal information is provided to these suppliers and contractors in order to enable them to perform the agreed tasks, we will make every effort to ensure that the supplier or contractor handles the personal information in accordance with the Act and the Australian Privacy Principles. We will also require all suppliers and contractors to provide privacy undertakings and enter into confidentiality agreements.

We may disclose your information to the following third parties and in the following circumstances:

  • If you expressly agree to any use or disclosure.
  • When we use it for the purpose for which it was collected.
  • To our related bodies corporate and franchises.
  • To franchisees who assist us in operating our business and providing our products and services.
  • To suppliers and other third parties with whom we have commercial relationships, for business, marketing and related purposes.
  • Where disclosure is required or authorised by law.
  • In circumstances where you would reasonably expect information of that kind being passed to a third party.
  • If it is reasonably necessary for enforcement related activities conducted by, or on behalf of, an enforcement body (e.g. Police, ASIC, Immigration Department).
  • To organisations involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including maintaining or upgrading our computer systems.
  • To companies in our group who provide IT and system administration services and undertake leadership reporting.
  • To service providers who provide IT and system administration services.
  • To professional advisers including lawyers, attorneys, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • To Revenue & Customs, regulators and other authorities based in our Country and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
  • To third parties to whom we sell, transfer, or merge parts of our business or our assets.

You may choose to deal with us anonymously or under a pseudonym where lawful and practical. Where anonymity or use of a pseudonym will render us unable to provide the relevant service or do business, we may request that you identify yourself. For example, whenever documents are to be submitted to government agencies or financial institutions, it is essential that we record your name accurately.

If you do not provide us with the personal information as described above, some or all of the following may happen:

  • We may not be able to provide the requested products or services to you, either to the same standard or at all
  • We may not be able to provide you with information about products and services that you may want
  • We may be unable to tailor the content of our websites to your preferences, thus your experience of our websites may not be as enjoyable or useful.

We may occasionally be provided with personal information which has not been requested or solicited. Where this occurs we will comply with the requirements regarding dealing with unsolicited personal information set out in APP 4.

If permitted or required by law, we may keep records of this information. If not, we will destroy or de-identify the information when practicable, lawful and reasonable to do so.

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing regulations, such as APP 7 & the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.

In addition, at any time you may opt-out of receiving marketing communications from us by using the opt-out tab on our Personal Information Access Gateway below or by using opt-out facilities provided in the marketing communications.

Once your request has been received, we will ensure that your name is removed from our mailing list.

We may disclose personal information to our related bodies corporate and third-party suppliers and service providers located outside Australia for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

We may disclose your personal information to third party suppliers within Australia, who provide specialised services such as web hosting, cloud computing technology and data storage services. These suppliers may store data on servers located outside Australia. It is not practicable to list every country in which such overseas recipients may be located.

The Act and corresponding APPs require us to ensure that, before disclosing personal information overseas, reasonable steps are taken to ensure that overseas recipients do not breach the Act or the APPs (APP 8.1). Whilst we take reasonable steps to ensure this, it is not always possible to ensure that overseas recipients will comply. We do not take any responsibility for the actions of overseas third-party recipients of personal information. In the event that a disclosure is made in an overseas country, the information will not be protected by the Australian Privacy Principles. By providing your details, you consent to your information being disclosed in this manner.

By providing us with personal information and thereby agreeing to this privacy policy, you consent to us using and disclosing your personal information off-shore and agree that APP 8.1 will not apply to such use or disclosure. If at any time you wish to withdraw your consent, contact us using the communication options provided below. However, we may not be able to provide the products &/or services you have requested in whole or in part or those products &/or services may have to be modified.

Government-related identifiers are identifiers that have been assigned by a government agency, including an individual’s licence number, Medicare number, passport number and tax file number.

We do not disclose any government related identifiers, for example by using a tax file number as a client reference for filing purposes.

It is important to us that your Personal Information is up to date. If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, you may request that we amend it. You may submit a correction request via our Personal Information Access Request Gateway found on this privacy policy.

Please advise us as soon as you are practicably able, so we can update our records and ensure we can continue to provide quality services to you.

You may request access to any personal information we hold about you at any time via our Personal Information Access Request Gateway, found on this privacy policy. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you and, if so, the fees will be disclosed on our website. We will not charge for simply making the request and will not charge for making any corrections to your personal information.

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you reasons for any refusal.

In order to protect your Personal Information, we may require identification from you before releasing the requested information.

We are committed to keeping your personal information secure and safe. Your personal information may be stored as hard copy documents or electronically. It is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.

Some of the ways we do this are:

  • Requiring employees and service providers to enter into confidentiality agreements.
  • Securing hard copy document storage, e.g. storing hard copy documents in locked filing cabinets.
  • Implementing security measures for access to our computer systems.
  • Ensuring that personal data is stored securely using modern software for online security that is kept up to date.
  • Limiting access to personal data to personnel who need access, with appropriate security in place to avoid unauthorised sharing of information.
  • Ensuring, when deleting personal data, that we do so safely, securely and in such a manner that the data is irrecoverable by any means.
  • Having in place appropriate back-up and disaster recovery solutions.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

We the Entity have defined the social media platforms we are found on in section 1 INTRODUCTION.

Separate to our policy herein, we also adhere to the privacy conditions related to us and placed upon us by each of the social media platforms.

Here are the links to the privacy policies provided by the social media platforms we are or may become members of and to other social media platforms which you may find useful;

You may find it beneficial and/or of interest to read them, so you can understand how they protect your data and, where applicable, any provisions they place upon us the Entity in protecting your data.

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, we the Entity shall:

  • Contain the breach and do a preliminary assessment.
  • Evaluate the risks associated with the breach.
  • Notify affected parties and, where needed under the Notifiable Data Breach Scheme, notify OAIC.
  • Implement security measures to prevent future breaches.

What’s a cookie?

A “cookie” is a piece of information that is stored on your computer’s hard drive and which records how you move your way around a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.

Cookies are used by nearly all websites and do not harm your system.

If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings. You can block cookies at any time by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

How do we use cookies?

We may use cookies to track your use of our Social Media/Web Sites (SMS). This enables us to understand how you use the site and track any patterns with regard to how you are using our website. This helps us to develop and improve our website as well as products and / or services in response to what you might need or want.

Cookies are either:

  • Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page but they do not collect any personal data from your computer; or

  • Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. We use persistent cookies for Google Analytics.

Cookies can also be categorized as follows:

  • Strictly necessary cookies: These cookies are essential to enable you to use the website effectively, such as when buying a product and / or service, and therefore cannot be turned off. Without these cookies, the services available to you on our website cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.

  • Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular.

  • Functionality cookies: These cookies allow our website to remember choices you make and provide enhanced features. For instance, we may be able to provide you with news or updates relevant to the services you use. They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymized.

Please note third parties who advertise on our SMS (including, for example, the owner/operators of the SMS, affiliates, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

How to block cookies?

Cookies are a nemesis to all, and we apply our best efforts to use cookies that permit us to pursue our legitimate interest in being able to service you and to improve the functionality and flow of our business. Should you feel uncomfortable with our cookies, you may disable them via your chosen browser following the instructions provided via the following links. Please note that disabling cookies may interrupt the flow of your information to us and not permit us to meet our obligations to you:

We endeavoured to embed “Privacy by Design” best practices in the designing of our website(s) to safeguard your personal information.

The following measures were applied:

  1. We endeavour to address data protection issues as part of the design and implementation of systems, services, products and business practices.
  2. We endeavour to make data protection an essential component of the core functionality of our processing systems and services.
  3. We endeavour to anticipate risks and privacy-invasive events before they occur, and take steps to prevent harm to individuals.
  4. We only process the personal data that we need for our purpose(s), and we only use the data for those purposes.
  5. We endeavour to ensure that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
  6. We provide the appropriate communication channels where our members can dialogue with us.
  7. We endeavour to adopt a ‘plain language’ policy for any public documents so that individuals easily understand what we are doing with their personal data.
  8. We endeavour to provide individuals with tools so they can determine how we are using their personal data, and whether our policies are being properly enforced.
  9. We endeavour to offer strong privacy defaults, user-friendly options and controls, and respect user preferences.
  10. We endeavour to only use data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design.
  11. When we use other systems, services or products in our processing activities, we endeavour to make sure that we only use those whose designers and manufacturers take data protection issues into account.
  12. We endeavour to use privacy-enhancing technologies (PETs) to assist us in complying with our data protection by design obligations.

Rest assured, we are not perfect and have no doubt that we may not have taken certain aspects into account, not because we have ignored them but because they have slipped under our radar. Tell us via the COMMUNICATION OPTIONS below; this is the only way we can improve our service and obligation to YOU.

To us, Trust is Everything!

If you consider that there has been a breach of the Australian Privacy Principles, you are entitled to complain to us via the COMMUNICATION OPTIONS below.

We will acknowledge receipt of a complaint within 5 business days. We will investigate the complaint and attempt to resolve it within 30 business days after the complaint was received. Where it is anticipated that this time-frame is not achievable, we will contact you to provide an estimate of how long it will take to investigate and respond to the complaint.

If you consider that we have not adequately dealt with a complaint, contact us using the communication option provided. If you find our response inadequate, you may complain to the Office of the Australian Information Commissioner using the details below:

POSTAL MAIL
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
SYDNEY NSW 2001

EMAIL
   

PHONE
1300 363 992


PERSONAL INFORMATION REQUESTS


COMMUNICATION OPTIONS

You can contact us via traditional post directly to our Privacy Officer.

POSTAL DETAILS

Company:
Address: P.O. Box 6083
City: Collingwood North
State: Victoria
Postcode: 3066

BUSINESS PHONE NUMBER

☎ Business Hours: 03 9417 1900

BUSINESS HOURS

★ Monday to Friday
★ 9am to 5pm
★ Excluding Public Holidays