Senior Risk & Quality Advisor
81 Prinsep Road
JANDAKOT WA 6164
Phone: +61 8 6163 5000
2. WHAT PERSONAL INFORMATION DO WE COLLECT AND HOLD
2.1 “Personal Information” is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained. Personal Information collected may include (but is not limited to) the following:
- a) Name, postal, residential address and/or service address
- b) Email address;
- c) Australian Business Number;
- d) Date of birth;
- e) Contact details including telephone numbers (landline and mobile);
- f) Gender;
- g) Occupation and employment details;
- h) Payment details;
- i) Any feedback that you give us; and
- j) Information that we collect for marketing purposes, such as your areas of interest and other information you provide to us.
2.2 What sensitive information do we collect about you?
We may also collect sensitive information about you including information about your health. Unless required by law, we will only collect sensitive information with your consent.
2.3 What information do we collect via our website?
We will not collect any Personal Information about users of our website except when they knowingly provide it (for example, when you fill out an online form) or as otherwise described below.
(i) Click Stream Data
When you visit and browse our website, our website host may collect information for statistical, reporting and maintenance purposes.
Subject to paragraph 3, the information collected by our website host is used to administer and improve the performance of our website and will not be used to identify you. The information may include:
- a) number of users visiting our website and the number of pages viewed;
- b) date, time and duration of a visit;
- c) IP address of your computer; and
- d) path taken through our website.
Cookies are small text files that are transferred to a user’s computer hard drive by a website for the purpose of storing information about a user’s identity, browser type or website visiting patterns. Cookies may be used on our website to monitor web traffic, for example the time of visit, pages visited and some system information about the type of computer being used. We use this information to enhance the content and services offered on our website.
Cookies are sometimes also used to collect information about what pages you visit and the type of software you are using. If you access our website or click-through an email we send you, a cookie may be downloaded onto your computer’s hard drive.
Cookies may also be used for other purposes on our website but in each case none of the information collected can be used to personally identify you.
You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.
3. WHEN AND WHY WE COLLECT PERSONAL INFORMATION
We collect your Personal Information to allow us to conduct our business functions, market and sell our products and services.
We may collect your Personal Information when you:
- a) provide the information to us;
- b) visit our website (see paragraph 1.3);
- c) buy or use our products or services;
- d) request information about us, our products or our services;
- e) provide feedback;
- f) fill in a form on our website; or
- g) where we are required or authorised by law to do so.
We may also collect Personal Information about you via third parties (i.e. other organisations); however we will only collect your Personal Information in this way if it is unreasonable or impractical to collect this information directly from you and if we are otherwise permitted to do so.
4. HOW WE STORE PERSONAL INFORMATION
We store Personal Information electronically and in hard copy depending on how the data was collected.
Any Personal Information that is collected via our website or which is held on our computer systems is protected by safeguards including physical, technical (firewalls, SSL encryption, etc.) and procedural methods.
Personal Information held in hard copy form is kept to a minimum and secured in locked safes and cabinets when not in use.
Some Personal Information is stored with third parties with whom we do business. We have strict privacy and confidentiality arrangements in place with those parties. We aim to keep all Personal Information secure at all times and only make it available to those at ATCO who require it to perform their job.
We do not collect sensitive or financial information about our users via our website.
If we find that we have no further need for your Personal Information we may remove it from our systems and destroy all record of it.
5. HOW IS YOUR PERSONAL INFORMATION USED
We use the Personal Information we collect about you for our business functions and activities, which may include the following:
- a) to communicate with you and provide you with information, products or services you have requested;
- b) assist customers by providing them with information and support;
- c) personalise and customise your experiences with our website;
- d) to manage and administer any account you may hold with us;
- e) to promote and market our products and services to you or provide you with information that we believe may be of interest to you;
- f) to personalise and customise your experiences on our website;
- g) to help us research the needs of our customers and to market our products and services with a better understanding of your needs and the needs of customers generally;
- h) to conduct research for the purposes of improving existing products or services or creating new products or services;
- i) to process a job application submitted by you;
- j) to allow us to provide advertising material to you regarding us, our clients, and other business partners;
- k) share your Personal Information with our related entities, business partners and selected third parties;
- l) to respond to any queries or complaints you may have;
- m) to respond to any reports or communications you make to us;
- n) to protect us against error, fraud, theft and damage to our goods and property;
- o) to enable us to undertake our environmental, health and safety activities including incident planning, response and investigation; and
- p) to enable us to comply with applicable laws or regulatory requirements (for example we may collect Personal Information to satisfy the obligations imposed on us by various regulatory bodies or agencies to follow procedures mandated by such bodies or agencies in respect of our business and the provision of our products and services).
We may collect and use your Personal Information for other purposes not listed above. If we do so, we will make it known to you at the time we collect or use your Personal Information.
We do not otherwise disclose your Personal Information without your permission, unless the disclosure is:
- b) required or authorised by law, including without limitation the Australian Privacy Principles under the Privacy Act 1988 (Cth); or
- c) made with your consent.
6. TO WHOM WE DISCLOSE YOUR PERSONAL INFORMATION
Depending on the nature of your engagement with us, we may disclose your Personal Information to our related entities, to third parties that provide products and services to us or through us, or to other third parties including:
- a) Australian Securities and Investment Commission (ASIC);
- b) WorkCover;
- c) the Economic Regulation Authority of Western Australia (ERA);
- d) EnergySafety; or
- e) relevant external ombudsman, complaints handling or dispute resolution scheme operators).
We may also disclose your Personal Information to our website host or software application providers in certain limited circumstances, for example when our website experiences a technical problem or to ensure that it operates in an effective and secure manner.
7. WHAT IF YOU DON’T WANT TO PROVIDE US WITH YOUR PERSONAL INFORMATION
8. WHAT DO WE DO WHEN WE GET INFORMATION WE DIDN’T ASK FOR
Where we receive unsolicited Personal Information, we will check whether that Personal Information could have been collected by us from you on the basis that it is reasonably necessary for, or directly related to, one or more of our functions and activities.
If it is, we’ll handle this information the same way we do with other information we seek from you.
If not, we’ll ensure the information is destroyed or de-identified if it is lawful and reasonable to do so.
9. WHAT HAPPENS WHEN WE NO LONGER NEED YOUR PERSONAL INFORMATION
We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law.
When we no longer require your information, we’ll ensure that we take reasonable steps to destroy your information or ensure that it is de-identified.
10. USING YOUR PERSONAL INFORMATION FOR MARKETING PURPOSES
We may also use your Personal Information for sending you information, including promotional material, about us or our products and services, as well as the products and services of our related entities and third parties, now and in the future. Such marketing activates may be via direct mail, email, SMS and MMS messages.
You can contact us using the contact details specified on page 1 above if you do not want to receive marketing information from us, and we will stop sending it to you.
11. ACCESSING AND UPDATING YOUR PERSONAL INFORMATION
You are entitled to access Personal Information that we hold about you. If you request access to your Personal Information, in ordinary circumstances we will give you full access to your Personal Information. However, there may be some legal or administrative reasons to deny access. If we refuse your request to access your Personal Information, we will provide you with reasons for the refusal.
We take all reasonable steps to ensure that any Personal Information we collect and use is accurate, complete and up-to-date. To assist us in this, you need to provide true, accurate, current and complete information about yourself as requested, and properly update the information provided to us to keep it true, accurate, current and complete. Please contact us in any of the ways specified in in section 1 above if you believe that the Personal Information is inaccurate or incomplete, and we will use all reasonable efforts to correct the information.
12. WHAT TO DO IF THERE HAS BEEN A DATA BREACH
ATCO takes reasonable steps to protect the Personal Information which it holds from misuse, interference and loss; and, from unauthorised access, modification or disclosure.
A “data breach” is when Personal Information held by ATCO is lost or subjected to unauthorised access, modification, disclosure, or other misuse of interference. Examples of a data breach are when a device containing person information of customers is lost or stolen, ATCO’s database containing Personal Information is hacked or an entity mistakenly provides Personal Information to the wrong person.
– there is unauthorised access to, or unauthorised disclosure of, Personal Information, and the access or disclosure would be likely to result in serious harm to any of the individuals to which the information relates; or
– Personal Information is lost in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur, and if it did occur it would be likely to result in serious harm to any of the individuals to which the information relates,
then there has been an “eligible data breach” under the Australian Privacy Act 1988.
If ATCO has reasonable grounds to suspect that there may have been an eligible data breach in relation to Personal Information which it holds, ATCO will carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach.
If, by reason of such assessment or otherwise, ATCO is or becomes aware that there are reasonable grounds to believe that there has been an eligible data breach in relation to Personal Information which it holds (or held), ATCO will comply with its notification requirements under the Australian Privacy Act 1988. This may mean that ATCO notifies individuals to whom the relevant information relates.
We will investigate your queries and complaints within a reasonable period of time (usually within 30 days) and will notify you of the outcome of our investigation.
If you are not satisfied with our response you may request that your query or complaint is referred to be dealt with under our internal complaints handling procedures.
In the event that the matter cannot be resolved, you may also address your query or complaint to the Office of the Australian Information Commissioner:
- 1. by phone: 1300 363 992
- 2. by email: firstname.lastname@example.org
- 3. in writing: GPO Box 2999, Canberra, ACT 2601 or GPO Box 5218, Sydney, NSW 2001.