This policy sets out the principles that Mulpha Australia Limited and its subsidiaries (Mulpha/we/us/our) adopt in the conduct of our business in order to protect your personal information. A number of our subsidiaries engage in activities under other brands. Mulpha is committed to providing you with exceptional service, and this includes protecting your privacy and being open and transparent about what we do with your personal information. In abiding with the Australian Privacy Principles and the Privacy Act 1988 (Cth), we take steps to ensure information about you, is not disclosed to or accessed by unauthorised persons.
This policy explains what kind of information we collect and hold; how and why we collect, hold and use it; and how and to whom we disclose that information. It also provides details about how you may access and seek correction of the personal information that we hold about you, and what you can do if you are not satisfied with how we have dealt with your personal information.
Personal information means any information about an individual from which that person can be reasonably identified. It does not include data where your identity has been removed or which is not associated with or linked to your personal information (anonymous data).
What personal information we obtain on you depends on the reason it is being collected, but may include your:
As part of our recruitment processes for employees and contractors the personal information we obtain depends on the role and requirements but may include:
Generally, we will seek consent from you in writing before we collect your sensitive information.
We only collect personal information about you that is necessary for us to carry on our business functions. The information we collect about you depends upon the nature of our dealings with you. Generally, we only collect personal information from you, unless it is not reasonable or practical to do so in which case, we may also collect personal information about you from third parties.
We may collect personal information which you give us, or that we collect independently, in one of the following ways:
We may collect information based on how you use our website. We use “cookies” and other data collection methods to collect information on website activity such as the number of visitors, the number of pages viewed and the internet advertisements which bring visitors to our website. This information is collected to analyse and improve our website, marketing campaigns and to record statistics on web traffic.
If you access your account with us online through a secure area of our website, we will collect your personal information using cookies. This is designed to track the use of our website and to allow our customers to effectively access their account information. This information is collected for security purposes and to protect the integrity of account details.
We collect personal information about you from third parties such as:
Third parties to whom you have provided your personal information and consented for that information to be shared with us.
We only collect sensitive information if it is:
We only use your personal information for:
We use your personal information so we can, amongst others:
We may also collect, use and exchange your information in other ways where permitted by law.
If you don’t want to receive direct marketing, you can tell us by emailing us and telling us which list you would like to be removed from at email@example.com or write to us at Level 9, 117 Macquarie Street Sydney, NSW 2000 Australia.
If we collect government identifiers, such as your tax file number, we do not use or disclose this information other than required by law. We will never use a government identifier in order to identify you.
We may exchange (ie, collect from and disclose to) your personal information with the following parties for the following purposes:
Any person where we are required by law to do so.
We may send your information overseas, but only directly to our own offices or agents in an overseas location, and to service providers or other third parties who operate or hold data outside Australia. Where we do this, we make sure, as far as reasonably possible, that appropriate data handling and security arrangements are in place. Please note that Australian law may not apply to some of these entities.
We will take all reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification or disclosure. We will destroy or permanently de-identify personal information we no longer need or which we are no longer required by law to retain. We have physical, electronic and procedural safeguards to protect your information which is held by us. Your information, both hard-copy and/or electronic records, are held at our secure office premises and at secure offsite premises using trusted third parties. Our office premises are protected against unauthorised access by electronic security passes which are held only by our staff, alarms and cameras. Access to information stored, including electronic records which require login and password authorisation, is restricted to our staff whose job purpose requires access. All our staff undertake information security and privacy training. We have firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses accessing our systems.
Wherever it is lawful and practicable, we will give you the option of not providing information when entering into transactions with us. However, in most cases, if you do not provide the full and complete information requested we will be unable to provide our products or services to you.
We will take appropriate, prompt action if we have reasonable grounds to believe that a data breach may have or is suspected to have occurred. Depending on the type of data breach, this may include a review of our internal security procedures, taking remedial internal action, notifying affected individuals and the Office of the Australian Information Commissioner (OAIC).
If we are unable to notify individuals, we will publish a statement on our website and take reasonable steps to publicise the contents of this statement.
You may ask us what personal information we hold about you, and you may make a request to access to this information at any time. You may make a request by us by contacting our PRIVACY OFFICER (see below contact details). We may ask you to complete a PERSONAL INFORMATION REQUEST FORM and will process your request within a reasonable time and try to make this information available within 30 days of your request. Before we give you the requested information, we will need to confirm your identity.
We generally will not charge you a fee in respect of such access, but reasonable administrative costs may be charged in some circumstances. If there is an access charge, we will give you an estimate first and ask you to confirm that you would like us to proceed, if you would like us to, we do require payment up front. Generally, the access charge is based on an hourly rate plus any other reasonable costs incurred by us such photocopying and postage. We do not need to provide access to your information in several circumstances; for example, the information is commercially sensitive, the request is frivolous or would unreasonably interfere with another person’s privacy or be in breach of the law, or, where to provide access would pose a threat to health or public safety. If we refuse you access, we will advise you of our reasons for doing so.
You may ask us at any time to correct the information we hold about you or that we have provided to others us by contacting our PRIVACY OFFICER (see below contact details). We will process your request within a reasonable time and try to correct the information within 30 days. If it looks like it will take longer, we will let you know the reason for the delay and try to agree to an extended timeframe with you.
If we are able to correct your information because it is indeed inaccurate, we will inform you when it is so corrected.
If we disagree with you that the information is inaccurate and should be corrected, we will inform you in writing of our reasons. You may request that we attach a statement to that relevant information noting that you consider it is inaccurate misleading, incomplete, irrelevant or out-of-date. We will take reasonable steps to comply with such a request.
If you are not happy in respect of how we have dealt with your personal information or in gaining access to it, please contact our PRIVACY OFFICER to discuss your concerns (see below contact details). If we do not resolve your complaint to your satisfaction or we are unable to resolve your complaint you have the right to refer the matter the Office of the Australian Information Commissioner – Privacy Hotline on 1300 363 992 or visit their website at www.oaic.gov.au or writing to GPO Box 5218 Sydney NSW 2001.