Data Privacy & Protection Policy
1. PURPOSE OF OUR POLICY
1.1. This Policy deals with how Unleashed Pty Ltd (ACN 625 086 955) and its related bodies corporate (we, us or our) handle “personal information” as it is defined in the Privacy Act 1988 (Privacy Act) and other customer data including the processing of any messages, files or other content submitted through services we offer (collectively, “Customer Information”).
1.2. We have adopted this Policy to ensure that we have standards in place to protect the Customer Information that we collect about individuals that is necessary and incidental to:
(a) providing the system and services that we offer;
(b) the operation of our website; and
(c) the normal day-to-day operations of our business.
1.3. We ensure that we comply with the Australian Privacy Principles set by the Australian Government for the handling of personal information under the Privacy Act.
2. WHO AND WHAT THIS POLICY APPLIES TO
2.1. We collect Customer Information on our own behalf and in respect of organisations that utilise the Facilitate Virtual Training Platform and other services provided by us.
2.2. This Policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.
2.3. If, at any time, an individual provides Customer Information or other information about someone other than himself or herself, the individual warrants that they have that person's consent to provide such information for the purpose specified.
3. THE INFORMATION WE COLLECT AND RECEIVE
3.1. In the course of business it is necessary for us to collect Customer Information. This information allows us to identify who an individual is for the purposes of our business, share Customer Information when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
(a) Customer Information. To access our services, we may need collect Customer Information including your first name, last name, email address and your phone number;
(b) Contact Information. We may collect information such as an individual’s email address, telephone or fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
(c) Other Information. We may from time to time collect the following information
(i) User names;
(ii) User role within an organisation;
(iii) User date of birth;
(iv) User account login details.
(d) Statistical Information. When you use Facilitate or our website we may make a record and log some or all of the following information for statistical or maintenance purposes:
(i) volume of accounts used;
(ii) duration and frequency of use;
(iii) data level and bandwidth used;
(iv) data level uploaded and downloaded;
(v) the type of device used;
(vi) the browser used;
(vii) the internet provider to whom you are connected.
(e) Training data. Information and data in the form of training materials and content.
(f) Information an individual sends us. We may collect any personal correspondence that an individual sends us.
3.2. We may collect other Customer Information about an individual, which we will maintain in accordance with this Policy.
3.3. We do not collect “sensitive information” as it is defined in the Privacy Act (Sensitive Information) (such as information regarding your health or health treatment).
3.4. We may also collect information regarding an individual’s location at the time of access including through the use of Application Programming Interfaces (APIs) or by reference to your IP Address.
4. HOW INFORMATION IS COLLECTED
4.1. Most information will be collected in association with an individual’s use of our services, an enquiry about our services, the use of our website or generally dealing with us. However we may also receive Customer Information from sources such as staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
(a) Registrations/Subscriptions: When an individual registers or subscribes for a service they enter Customer Information details in order to receive or access;
(b) Supply: When an individual supplies us with goods or services;
(c) Contact: When an individual contacts us in any way;
(d) Access: When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies), APIs or analytical services; and/or
(e) Use: When an individual uses the services we provide.
4.2. As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Customer Information is being collected.
4.3. Where we obtain Customer Information without an individual’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual that we hold such information, in accordance with the Australian Privacy Principles.
5. WHEN CUSTOMER INFORMATION IS USED AND DISCLOSED
5.1. In general, the primary principle is that we will not use any Customer Information other than for the purpose for which it was collected other than with the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
5.2. We will retain Customer Information for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law.
5.3. Customer Information such as training data and results may be disclosed to a user’s account administrator or other delegated users determined by such account administrator.
5.4. We may disclose Customer Information to affiliated companies, government agencies and other third parties in accordance with this policy and the Australian Privacy Principles.
5.5. We will not disclose or sell an individual’s Customer Information to unrelated third parties under any circumstances.
5.6. Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
(a) the provision of access to our services;
(b) improving the quality or our services;
(c) verifying an individual’s identity;
(d) communicating with an individual about:
(i) their relationship with us;
(ii) our own marketing and promotions to customers and prospects;
(iii) surveys and questionnaires;
(e) investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
(f) as required or permitted by any law (including the Privacy Act).
5.7. There are some circumstances in which we must disclose an individual’s information:
(a) where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of; and
(b) as required by any law (including the Privacy Act).
6. DATA RETENTION
6.1. We will retain Customer Information in accordance with any applicable terms in the Software as a Service Agreement and customer’s use of services functionality, and as required by applicable law. We may retain information pertaining to individual’s use of our services for as long as necessary for the purposes described in this Policy. This may include keeping information after you have deactivated your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
7. CHOOSING TO BE CONTACTED
7.1. An individual may opt to not have us collect their personal information. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
(a) Opt In: where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
(b) Opt Out: where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
7.2. If you believe that you have received information from us that you did not opt in to receive or that you opted not to receive, you should contact us using the details below.
8. SECURING YOUR CUSTOMER INFORMATION
8.1. We may appoint a Privacy Officer to oversee the management of this Policy and compliance with the Australian Privacy Principles and the Privacy Act. This officer may have other duties within our business and also be assisted by internal and external professionals and advisors.
8.2. We will not disclose an individual’s personal information to any entity outside of Australia that is in a jurisdiction that does not have a similar regime to the Australian Privacy Principles or an implemented and enforceable Policy similar to this Policy. We will take reasonable steps to ensure that any disclosure to an entity outside of Australia will not be made until that entity has agreed in writing with us to safeguard personal information as we do.
8.3. We will take all reasonable precautions to protect an individual’s personal information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
8.4. We use encryption to store and transfer Customer Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Customer Information where the security of information is not within our control.
8.5. We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Customer Information to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
8.6. If an individual suspects any misuse or loss of, or unauthorised access to, their Customer Information, they should let us know immediately.
8.7. We are not liable for any loss, damage or claim arising out of another person’s use of the Customer Information where we were authorised to provide that person with the Customer Information.
9. HOW TO ACCESS AND/OR UPDATE INFORMATION
9.1. Subject to the Australian Privacy Principles, an individual has the right to request from us the personal information that we have about them, and we have an obligation to provide them with such information within 28 days of receiving their written request.
9.2. If an individual cannot update their own information, we will correct any errors in the personal information we hold about an individual within seven days of receiving written notice from them about those errors.
9.3. It is an individual’s responsibility to provide us with accurate and truthful personal information. We cannot be liable for any information that is provided to us that is incorrect.
9.4. We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Customer Information we hold about them.
10. COMPLAINTS AND DISPUTES
10.1. If an individual has a complaint about our handling of their Customer Information, they should address their complaint in writing to the details below.
10.2. If we have a dispute regarding Customer Information, we both must first attempt to resolve the issue directly between us.
10.3. If we become aware of any unauthorised access to Customer Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
11. CONTACTING CUSTOMERS
11.1. From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.
12. CONTACTING US
12.1. All correspondence with regards to privacy should be addressed to:
The Privacy Officer