Privacy Policy

Privacy Act

Our business is bound by the Privacy Act 1988 (the Act) and the Australian Privacy Principles (APP). Our business is an APP entity as defined in s 6(1) of the Act.

We collect and hold personal information relating to our clients and to other people and entities associated with our clients as may be provided or disclosed to us in the course of business. Such personal information may include but is not limited to: names, addresses, telephone numbers, email addresses, social media details, occupations, bank account details and relationship details.

Personal information is collected from our clients in the following ways:

  • By clients providing it to us directly;
  • By clients authorising third parties to provide it to us;
  • By other parties providing it to us either voluntarily or pursuant to compulsory processes we conduct on our clients’ behalf.

How is personal information received and held?

Personal information may be received and held either as hard copy (paper) or as soft copy (electronic data), in any available form. In either case, we take the security of personal information very seriously. We secure hard copy documents carefully in and out of our office. We use cyber-security systems to protect soft copy documents. We never ask for bank details or other sensitive information by email.

We adhere to the principles relating to the processing of personal data set out in the General Data Protection Regulation (GDPR) which require personal data to be:

  • Processed lawfully, fairly and in a transparent manner;
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  • Accurate and, where necessary, kept up to date;
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; and
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

We will only process personal data where we have a lawful basis for doing so. The lawful bases for processing personal data under the GDPR are:

  • Consent: the individual has given clear consent for us to process their personal data for a specific purpose;
  • Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract;
  • Legal Obligation: the processing is necessary for us to comply with the law (not including contractual obligations);
  • Vital Interests: the processing is necessary to protect someone’s life;
  • Public Task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;
  • Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Under the GDPR, individuals have the following rights regarding their personal data:

  • Right to be Informed: Individuals have the right to be informed about the collection and use of their personal data.
  • Right of Access: Individuals have the right to access their personal data and supplementary information.
  • Right to Rectification: Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete.
  • Right to Erasure: Individuals have the right to have personal data erased.
  • Right to Restrict Processing: Individuals have the right to request the restriction or suppression of their personal data.
  • Right to Data Portability: Individuals have the right to obtain and reuse their personal data for their own purposes across different services.
  • Right to Object: Individuals have the right to object to the processing of their personal data in certain circumstances.
  • Rights in Relation to Automated Decision Making and Profiling: Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

For what purpose is personal information collected, held, used and disclosed?

By providing us with their personal information, our clients consent to us using their information for the purposes described in this clause.

All data is processed by the business on a lawful basis. The purposes for which we collect, hold, use and disclose personal information are:

  • To offer our products and services to our clients. In doing so we may disclose personal information to other people or entities involved in the provision of the product or service, such as government departments and individuals. We may use our clients’ personal information to deliver customised advertising to them on our website and other platforms. This may involve using cookies and similar tracking technologies to collect information about clients’ browsing behaviour and preferences. Unless compelled by law, we will never disclose personal information without the client’s knowledge and consent.
  • To send the client marketing communications about our products, services, and promotions that we believe may be of interest, which may include:
    • Email Marketing, including sending emails with information about our latest products, services, and special offers.
    • SMS Marketing, including sending text messages with promotional content.
    • Direct Mail, including sending promotional materials through postal mail.
  • To facilitate our internal and external administrative processes including financial and business operations and reporting requirements;
  • To obtain, maintain and comply with the terms of our professional indemnity and other insurance policies; and
  • To comply with applicable laws.

Our clients have the right to opt out of receiving marketing communications from us at any time. Our clients can do this by clicking the unsubscribe link provided in the marketing emails or SMS messages they receive from us, or by contacting us directly using the contact details provided in this Privacy Policy.

We will not share our clients’ personal information with third parties for their marketing purposes without our clients’ explicit consent.

How can personal information be accessed or corrected?

Clients may access their personal information and seek correction of it at any time by applying to our office in person or in writing.

Clients will be formally identified before any personal information is released or amended.

Is personal information disclosed outside of Australia?

Where necessary we may disclose personal information to overseas recipients, including a related body corporate. We will ensure that any transfer of personal data to a third country or an international organisation is subject to appropriate safeguards as required under the GDPR.

What is the complaints process relating to personal information?

If there is a breach of this privacy policy, or of either the Act or the Australian Privacy Principles (APP), a complaint may be made by the client to:

  • Our customer services team; or
  • The Office of the Australian Privacy Commissioner.

Data Breaches

All staff are responsible for protecting the confidentiality of client information and business information. Please refer any data breaches, or suspected data breaches, to the customer services team as soon as possible.

What is an eligible data breach?

An eligible data breach, defined in s 26WE(2) of the Act, is when:

  • both of the following conditions are satisfied:
    • there is unauthorised access to, or unauthorised disclosure of, the information;
    • a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or
  • the information is lost in circumstances where:
    • unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
    • assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates;…

If there is a suspicion of a breach

If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment will be conducted within 30 days.

If we believe or have reasonable grounds to believe there has been a breach then a statement will be prepared setting out:

  • The business’s details;
  • A description of the breach;
  • The kind or kinds of information concerned; and
  • Recommendations about the steps that we will take in response to it.

If practicable, we will advise the contents of the statement to each of the affected clients who may be at risk from the breach. If this is not practicable we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method.

The statement will be submitted to the Privacy Commissioner.

Exception to reporting

Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals.

Sale or transfer of the business to another

In the event that we are involved in a merger, acquisition, or sale of all or a portion of our assets, the client’s personal information may be transferred to the acquiring company, or we may elect to retain the client’s personal information. We will ensure that the acquiring company is bound by terms that are at least as protective of the client’s personal information as those set out in this Privacy Policy. The client will be notified via email and/or a prominent notice on our website of any change in ownership or use of the client’s personal information, as well as any choices the client may have regarding their personal information.

Our Contact Details

For any queries with respect to our privacy policy, please contact us as follows:

 

0413 191 695 
Sales@limitlessattachments.com