The purpose of this policy is to clearly express an up-to-date policy about our company's management of personal information. We are committed to protecting your personal information. By submitting your personal information to us, or by using our services, you acknowledge and consent to us using your personal information in accordance with this policy. This policy is intended to enhance the transparency of our company's operations, notify you of your rights and our obligations and provide information regarding:
- the kinds of personal information which we will collect and hold;
- how we will collect, hold, use and disclose personal information;
- the purpose for which we collect, hold, use and disclose personal information;
- how you may access personal information that is held by us and seek correction of such information;
- how you may complain about a breach of the Australian Privacy Principles (APP) or registered APP code (if any) that binds us and how we will deal with such complaint;
- whether we are likely to disclose personal information to overseas recipients;
- if we are likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located.
AcknowledgementWe acknowledge that we must take reasonable steps when handling personal information.
Whilst we cannot warrant that this policy will be followed in every instance we will endeavour to follow this policy. Similarly, while we cannot warrant that loss, misuse, or alteration of information will never occur, we will take all reasonable steps to prevent these things from occurring. Our company has taken reasonable steps to endeavour to comply with the APPs and the Act, some examples are noted below.
- Staff training and education.
- Use of checklists to ensure that all APPs are complied with.
- Clear and transparent procedures regarding the handling of complaints and disclosure of information.
The kinds of personal information which we will collect and holdCollection It is our usual practice to collect personal information directly from the subject individual or their authorised representative(s). Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether or not recorded in a material form, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. Some examples of some personal information we might collect are:
- contact details (such as telephone numbers, addresses, and email addresses etc.);
- date of birth; and
- payment details.
How we will collect and hold your personal informationWe only collect and hold personal information by lawful and fair means. In some circumstances, we may collect and hold personal information that has been collected from a third party or publicly available source (such as social media platforms). This will likely occur in instances where:
- you have consented for this collection (which would usually be via our privacy statement and/or credit application form); or
- you would reasonably expect us to collect your personal information in this way and it is necessary for us to collect this information for a specific purpose (such as investigation of a complaint).
We will also endeavour to ensure that our service providers have protection for electronic IT systems and other necessary restrictions. We will endeavour to ensure our staff are trained with respect to the security of the personal information we hold and we will restrict any access where necessary. While we retain personal information for as long as necessary in relation to the purposes for which it is collected, we will endeavour to destroy and de-identify the personal information once it is no longer required, except as required for business record purposes. In the event we hold personal information that is unsolicited, and we were not permitted to collect it, the personal information will be destroyed as soon as practicable. If we collect personal information about you from someone else, we will advise you as soon as practicable that this information has been collected and the circumstances which surround the collection.
Third parties may store cookies on our website, including, by way of example, Google Analytics (provided by Google Inc.) to enable us:
- to perform statistical analyses of e.g. number of visitors, information on gender, age, location, interests, and the like to learn about our visitors; and
- to improve the website friendliness and usability (e.g. on the basis of website traffic measurements).
The purpose for which we collect and hold personal informationWe will endeavour to only collect and hold personal information which is relevant to the operation of our company. Our purpose for collecting or holding personal information about you is so that it may be used directly for our functions or activities. We may use your personal information for the functions or activities of our company, which include, among other things:
- assessing credit applications;
- reviewing existing credit terms;
- assessing credit worthiness;
- collecting overdue payments;
- assessing credit guarantees (current and prospective);
- internal management purposes;
- administering accounts;
- facilitating product and service reviews;
- business development and marketing purposes;
- sales and billing;
- insurance purposes; and
- training and recruitment.
The purpose for which use and disclose personal informationWe will endeavour to only use and disclose personal information for the primary purposes noted above in relation to the functions or activities of our company. In addition, we may also use and disclose personal information (including sensitive information) for both the primary purposes specified herein and purposes other than the primary purposes, including the purpose of direct marketing. Unless one or more of the below scenarios has occurred, we will take necessary steps to prevent personal information from being given to government agencies or other organisations.
- You have provided your consent.
- You would reasonably expect that your information would be so disclosed.
- We have informed you that that your personal information will be provided to a third party.
- We are required by law to provide your personal information to a government agency or other organisation.
- The disclosure of the information will prevent a serious threat to somebody's life or health.
- The disclosure of the information reasonably necessary for the enforcement of criminal law.
- assist in locating a missing person;
- lessen or prevent a serious threat to life, health or safety;
- take appropriate action with suspected unlawful activity or serious misconduct;
- facilitate or assist with diplomatic or consular functions or activities;
- assist certain defence force activities outside Australia;
- establish or exercise a defined legal or equitable claim; or
- facilitate or assist confidential alternative dispute resolution activities.
Direct MarketingWe will take steps not to disclose personal information for direct marketing purposes unless consent has been provided. In any event you will be provided with an opt out option with respect to direct marketing should you wish to be excluded from direct marketing.If you do not elect to 'opt out' to receiving direct marketing material from us you consent to us using personal information (other than sensitive information) provided to us for direct marketing purposes.
We may however use sensitive information for direct marketing purposes if you provide your consent to do so. You may at any point in time, request to no longer receive direct marketing material from us by opting out. We will record this information on our opt out register. Direct Marketing and Third Parties We may also from time to time, if we have received your consent, provide your personal information to a third party for the purposes of direct marketing. You may at any time request the source of the personal information that has been disclosed.
Disclosure to CRBsAs indicated above, we may disclose personal information to a CRB in accordance with the permitted disclosures as defined under the Act. We may disclose your Credit Information to the following CRBs listed below. A copy of the credit reporting policy for the CRBs listed above will be available on their website or will be provided in hard copy upon request.
How you may access your personal informationYou are entitled to access your personal information held in our possession. We will endeavour to respond to your request for personal information within a reasonable time period or as soon as practicable in a manner as requested by you. We will normally respond within 30 days. You can make a request for access by sending an email or letter addressed to our Privacy Officer, the details of which are specified below.
The Privacy Officer
Mud Logic Fluid Solutions Pty Ltd
9 Crocker Drive
Malaga WA 6090
With any request that is made we will need to authenticate your identity to ensure the correct person is requesting the information. We will not charge you for making the request, however, if reasonable we may charge you with the costs associated with your request.
You will only be granted access to your personal information where we are permitted or required by law to grant access. We are unable to provide you with access that is unlawful. Further we are not required to, and will not, give access to personal information to the extent that:
- we reasonably believe that giving access would pose a serious threat to the life, health, or safety of any individual, or to public health or public safety; or
- giving access would have an unreasonable impact on the privacy of other individuals; or
- the request for access is frivolous or vexatious; or
- the information relates to existing or anticipated legal proceedings and the information would not be accessible in normal discovery procedures; or
- giving access would reveal the intentions of us in relation to negotiations and this disclosure would prejudice those negotiations; or
- denying access is required or authorised by or under an Australian law or a court/tribunal order; or
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, or may be engaged in; or
- giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated within us in connection with a commercially sensitive decision-making process.
- the reasons for the refusal (except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so);
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulations.
CorrectionShould we hold personal information and it is inaccurate, out of date, incomplete, irrelevant, or misleading, or incorrect you have the right to make us aware of this fact and request that it be corrected.
If you would like to make a request to correct your information, please contact our Privacy Officer on the details above. In assessing your request, we need to be satisfied that the information is inaccurate, out of date, incomplete, irrelevant, or misleading. We will then take all reasonable steps to ensure that it is accurate, up-to-date, complete, and not misleading. It is our normal policy to resolve any correction requests within thirty (30) days. If we require further time, we will notify you in writing and seek your consent.
Should we refuse to correct your personal information written notice will be provided to you setting out:
- the reasons for the refusal (except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so); and
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulations.
Notifiable Data BreachesA Notifiable Data Breach is an event where access to your personal data has been gained and there is a risk of serious harm or it is suspected that there is a serious risk to you. In the event of a Notifiable Data Breach, we will notify you. Examples of Notifiable Data Beaches include:
- loss or theft of physical devices (such as laptops and storage devices) or paper records that contain personal information;
- unauthorised access to personal information by an employee; and
- inadvertent disclosure of personal information due to 'human error' (e.g. an email sent to the wrong person).
ComplaintsIn the event that you wish to make a complaint about a failure of us to comply with our obligations in relation to the Act or the APPs please raise this with our Privacy Officer on the contact details above. We will provide you with a receipt of acknowledgment as soon as practicable. We will then endeavour to respond to your complaint and attempt to resolve the issues within thirty (30) days. In dealing with your complaint we may need to consult another credit provider or third party.
If you are not satisfied with the process of making a complaint to our Privacy Officer you may make a complaint to the Information Commissioner, the details of which are below.
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
Facsimile: (02) 9284 9666
The Information Commissioner can decline to investigate a complaint on a number of grounds including, among other things, where the complaint wasn't made at first to us. For more information about privacy in general, you can visit the Australian Information Commissioner's website: https://www.oaic.gov.au/.