This policy applies to Rosella Group Pty Ltd (ACN 162 797 168) (We or us or our).
Our staff members are required to read this policy and understand their responsibilities when dealing with personal information.
In this policy
• “Personal information” refers to any information or any opinion, about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not; and
• “Sensitive information” refers to information about a person’s racial or ethnic origin, political opinions or associations, religious beliefs or affiliations, philosophical beliefs, trade and professional memberships, sexual orientation or practices, criminal record or health, genetic or biometric information or biometric templates.
Our Privacy Principles
We are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Act). The APPs came into effect on 12 March 2014, when they replaced the National Privacy Principles, which applied under the Act previously. We have adopted internal policies and procedures to ensure that personal information that we collect, store, use and disclose is dealt with in accordance with the APPs. You can see the full text of the APPs online at http://www.oaic.gov.au/privacy/privacy-act/australian-privacy-principles.
Collecting personal information
We may need to collect personal information about you and others including names, addresses, phone numbers, social media handles and other contact details as well as work or employment history (if you are applying for a position with us). We may also collect details about your age, sex, date of birth, hobbies and interests and other personal information about you or others.
We may need to collect personal information so we can:
• identify our customers or potential clients;
• provide or offer you products or other benefits;
• administer your competition entry;
• inform you or others of any products or initiatives that may be of interest to you or them and otherwise promote the CLR brand, including by sending you newsletters and other direct marketing correspondence;
• assess job applicants’ suitability for employment;
• monitor product performance and research and analyse consumer demands and requirements and purchasing behaviour; and
• conduct our businesses and provide our products in a professional and efficient manner.
If we are not provided with all the personal information we request, we may be unable to accept your competition entry, respond to your complaints or queries, assess your employment application, provide you with certain information, replacement products or documents (including our newsletters) or otherwise correspond with you.
Unless it is unreasonable or impractical, we typically collect personal information directly from the individual concerned. However, in certain circumstances, we collect personal information (including sensitive information) from our retail partners (e.g. Coles, Woolworths, IGA etc.) who may disclose details regarding consumer complaints to us, where the nature of the complaint is such that it is necessary as a matter of public health and safety that we are made aware of, and can respond to, the circumstances that gave rise to the complaint.
We may also collect personal information from our sponsors, affiliates or partners where you have provided your consent to your personal information being disclosed to us. Where we are required and at liberty to do so, we will use our best endeavours to seek an individual’s consent before obtaining their personal information from third parties.
Personal information may be collected by us:
• when we are contacted about our products or services, in person or over the telephone or internet;
• when you provide us with information including by completing various forms including refund requests, survey forms, competition entries and newsletter subscriptions or posting content on any of our websites, social media pages or online forums;
• when we are provided with work or employment-related information (e.g. resumes, CVs) by job applicants, either directly (e.g. in response to a job advertisement, unsolicited correspondence through LinkedIn or Seek) or indirectly (e.g. from recruitment agencies);
• when we respond to an inquiry, where we consider personal details are required or appropriate to fulfil the query.
The personal information of our clients and business contacts or their representatives will usually be recorded in hard copy files designated for the purpose for which the personal information was collected and updated on our computer database (which may be accessed by our affiliates or partners) and/or online data storage service provider.
Any additional purpose for which the information is collected (not included in this policy) will be identified when we collect the personal information, or as soon as practicable afterwards.
Collecting sensitive information
We may collect sensitive information about you or others when you deal with us over the phone, online or in person including details regarding health or medical conditions. This sensitive information is de-identified and entered into our databases for the purpose of monitoring trends in consumer attitudes and behaviour so that we can adapt our products to meet our customers’ evolving needs and requirements.
Where we are required to and it is practicable to do so, we will seek your consent before collecting your sensitive information and inform you of the purpose of the collection at that time. Your consent to collection of your sensitive information may be implied in limited circumstances.
Use of personal information
We will use personal information for purposes that include:
• to identify individuals and protect them from unauthorised access to their personal information or account;
• to provide products or services that we are obliged to provide;
• to improve our products or services;
• where disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim;
• for the purpose for which it was collected, or for a related purpose (or a directly related purpose in the case of sensitive information);
• where the individual concerned would reasonably expect us to use the information;
• for any other purpose, where an individual has consented to its use for that purpose.
Disclosure of information
Except where indicated above, we will not disclose personal information to a third party unless:
• the disclosure is for a primary purpose for which the information was collected;
• the individual concerned has consented to the disclosure;
• the third party is our agent, partner (e.g. promotional agencies that administer our competitions), stakeholder or contractor (e.g. courier companies who deliver our products), in which case we will require them to disclose and to use the personal information only for the purpose for which it was disclosed;
• the disclosure is to a related body corporate;
• the disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim; or
• the disclosure is permitted, required or authorised by or under law.
Information collected via our website
To ensure we are meeting the needs and requirements of our website users and to develop our online services, we may collect data through the use of a data analytic program. We may use this program to track use of our website, and to compile statistics on visits to the site in an aggregated form and log anonymous information such as:
• the postcode of a user’s server;
• the date and time of a user’s visit;
• the pages a user accessed or downloaded; and
• the type of browser used.
We may use personal information to advise the individual concerned of new products and marketing initiatives that we think may be of interest to them. Those who prefer not to receive information about our services can contact our Privacy Officer and request to be removed from the relevant circulation list. Contact details for our Privacy Officer appear at the end of this policy. We may require written confirmation of a request to be removed from our circulation list, for example where legislation requires us to provide particular communications to the individual concerned.
We will not disclose personal information to a third party to enable that party to direct market their products or services to an individual, unless that individual has expressly consented to that disclosure.
Updating your information
We ask that you tell us of any changes to the personal information we hold about you. You may notify our Privacy Officer (whose contact details appear at the end of this policy) at any time to request that your personal information is amended or updated. We will then take reasonable steps to correct the information in the manner requested.
If we consider that the personal information we retain does not require amendment, we will annotate the request on our files.
The personal information that we collect will usually be recorded in hard copy files designated for the purpose for which the personal information was collected and updated on our computer databases and/or data storage service provider.
The protection of personal information is a priority for us. Electronic client data is kept on a shared drive which is located in Australia with access limited to staff.
We are committed to maintaining:
• safeguards to protect personal information against unauthorised use, disclosure, access, interference, modification, destruction and accidental loss. All personal information we hold is dealt with in accordance with the APPs;
• industry standards for the security and protection of information. Personal information is stored securely and access is restricted to authorised personnel only. Our computer systems require access passwords and these are kept secure by our personnel; and
• internal policies on management of personal information and staff training to ensure compliance with these policies. All our staff are required to read this policy and understand their responsibilities regarding personal information.
Destruction of records
We will destroy or deidentify any personal information that we hold which is no longer needed for any purpose for which it may be used or disclosed under APP 6, unless we are required by law to retain such personal information.
Access to personal information
We will generally allow an individual access to any personal information that we hold about them on request subject to any restrictions on access. We will try to give the individual concerned access in a form and manner that suits their needs. To request such access please contact our Privacy Officer. Contact details for our Privacy Officer appear at the end of this policy.
Restrictions on access
We are entitled to restrict access to personal information in accordance with the APPs. You may not be allowed access to personal information we hold where access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process. Instead, we may give you an explanation for the decision, rather than direct access to the information.
If we have given you such an explanation and you believe that direct access to the evaluative information is necessary to provide a reasonable explanation of the reasons for the decision, we will, at your request, review the decision. Personnel other than the original decision-maker will conduct the review.
Wherever direct access by you is impractical or inappropriate, we should consider together whether the use of a mutually agreed intermediary would allow sufficient access to meet both our needs and concerns.
Other instances where it may not be appropriate to provide you with access to the personal information we hold, include where:
• providing access would pose a serious and imminent threat to the life or health of any individual;
• providing access would have an unreasonable impact upon the privacy of others;
• the request for access is frivolous or vexatious; or
• the information relates to an anticipated or existing legal dispute and disclosure would compromise our position or the position of others.
Charges for access
An individual will not incur charges for lodging a request to access personal information. However, we may levy a reasonable charge for providing access to that information. We will provide an estimate of any charge on request, or if it appears to us that the work will be onerous or otherwise warrants a charge.
Transferring information overseas
We typically do not transfer personal information to any entity outside Australia. In the event that we do disclose information to an overseas recipient, we will take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the disclosed personal information, unless:
• we reasonably believe that the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way that the APPs protect the information, and that there are mechanisms that you can access to take action to enforce that protection of the law or binding scheme;
• we are given consent by the individual concerned to do so, expressly or by implication after they are expressly informed by us that if they consent we will not be required to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information; or
• we are legally authorised or required to do so.
Changes to our policy
We may update or change this policy. When we do so, we will publish the current policy on our website. Please check our website to review this policy regularly.
Notifiable data breach scheme
If there is a loss, or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, we will investigate and notify you and the Office of the Australian Information Commissioner as soon as practicable, in accordance with the Act.
We are committed to constantly improving our procedures so that personal information is treated appropriately.
If you feel that we have failed to deal with your personal information in accordance with the APPs or this policy, please inform us so that we have an opportunity to resolve the issue to your satisfaction. We may request that you make a complaint to us in writing.
The person to contact is our Privacy Officer, whose contact details appear at the end of this policy.
Our Privacy Officer will manage the complaint process for us by:
• referring your complaint to the appropriate Department Head who will listen to your concerns and grievances regarding our handling of personal information, discuss with you the ways in which we can remedy the situation and put in place an action plan to resolve your complaint and improve our information handling procedures (if appropriate); and
• referring your complaint to our Australian Business Unit Director and/or Managing Director if the complaint remains unresolved.
If this process does not result in an outcome that is satisfactory to you, you may contact the Office of the Australian Information Commissioner. We will work together with the Information Commissioner’s Office to resolve the issues between us.
The contact details for the Office of the Australian Information Commissioner are as follows:
Street address: Level 3, 175 Pitt Street, Sydney NSW 2000
Telephone: 1300 363 992 (for the cost of a local call anywhere in Australia)
TTY: 133 677 followed by 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
Facsimile: +61 2 9284 9666
Further information about privacy and your rights can be obtained at the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.
If you wish to access any personal information that we hold about you, or have a query about this policy, please contact our Privacy
121 Cecil Street
South Melbourne VIC 3205