The purpose of this Policy is to ensure that Poly, an entity that is subject to the Australian Privacy Principles contained in the Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (together Legislation), manages personal information in a manner that complies with the Legislation. For the latest versions of the Legislation, please see www.comlaw.gov.au
This Policy sets out Poly’s management and requirements in relation to the protection and proper handling of personal information collected from individuals. It also provides individuals with the opportunity to make inquiries about Poly’s compliance with the Legislation.
For further information in relation to privacy, please visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au
Individuals are not required to identify themselves when dealing with Poly unless:
- Poly is required or authorised by or under an Australian law, or an order of a court or tribunal, to deal with individuals who have identified themselves; or
- it is impracticable for Poly to deal with individuals who have not identified themselves or who have used a pseudonym. For instance, when individuals purchase real-estate properties from Poly, it is necessary for those individuals to correctly and properly identify themselves.
Collection of Personal Information
Poly only collects personal information when it is reasonably necessary for Poly’s functions or activities. The types of personal information that Poly may collect includes, but is not limited to:
- identity of the individual (for instance, name, address, date of birth and contact details, etc.,);
- proof of identification of the individual;
- financial circumstances of the individual;
- the tax file number or other information allocated by the Australian Taxation Office to the individual;
- personal requirements and preferences in relation to Poly’s products or services; and
- any other information which Poly may be able to or be required to collect by the legislation or under an Australian law.
The circumstances for which Poly may collect personal information include, but are not limited to:
- when the individual becomes a purchaser or potential purchaser of Poly’s products or services;
- when the individual becomes a tenant or potential tenant of Poly;
- when the individual submits a job application to Poly;
- when the individual seeks Poly’s advice in relation to investment opportunities;
- when the individual becomes a supplier or potential supplier to Poly;
- when the individual attends Poly’s office or showroom for inspections of Poly’s products;
- when the individual contacts Poly directly for a specific inquiry; or
- any other circumstances where the individual makes contact with Poly and it is practical for Poly to collect the individual’s personal information.
Poly generally does not collect sensitive personal information about an individual, such as:
- the individual’s religious background and religious views;
- political backgrounds or political views;
- medical conditions; and
- any other information which may generally be considered by the individual to be sensitive personal information.
However, Poly may collect sensitive personal information if it is necessary for Poly to deal with the individual and the individual has consented to Poly doing so.
Poly may also collect personal information about an individual from a third party who may be the individual’s agent when it is reasonably necessary to do so. Poly will take reasonable steps to inform the individual that Poly has the individual’s personal information, unless it is obvious to the individual from the circumstances that Poly holds such information.
Notification of Collection of Personal Information
At or before the time, or, if that is not practicable, as soon as practicable after, Poly collects personal information about an individual, Poly will notify the individual of the following matters unless it is obvious from the circumstances:
- the contact details of Poly;
- the circumstances and purpose of the collection if the individual is not aware that Poly has the personal information;
- the entities that the information is disclosed, when applicable;
- any overseas recipients of that information, when applicable;
- how the individual may access the personal information held by Poly; and
- how the individual may make a compliant in relation to the collection of the information by Poly.
Use or Disclosure of Personal Information
Poly generally holds personal information about an individual that was collected for a particular purpose (Primary Purpose) and will not use or disclose the information for another purpose unless:
- the individual has consented to the use or disclosure of the information; or
- a circumstance listed in paragraph 5.2 applies in relation to the use or disclosure of the information.
Poly may use the personal information for a purpose other than the Primary Purpose if:
- the individual reasonably expects Poly to use or disclose the information for a purpose other than a Primary Purpose;
- the use or disclosure of the information is required, or authorised by, or under an Australian law, or an order of a court or tribunal;
- a permitted general situation exists in relation to the use or disclosure of the information by Poly;
- Poly reasonably belies that the use or disclosure of the information is reasonably necessary for one or more enforcement-related activities conducted by, or on behalf of, an enforcement body; or
- the individual has consented to Poly doing so.
Poly may use or disclose personal information for a purpose including, but not limited to:
- delivery products or providing services as requested;
- assessing the suitability of the applicant;
- communicating with the individual;
- assisting with Poly’s operation and management decisions;
- improving and enhancing Poly’s products and services, including analysing customer feedback and consumer expectations;
- monitor Poly’s staff performance and service standards; and
- complying with the Legislation and any other relevant Australian law.
Poly may disclose personal information to other Poly-related entities (together Poly Entities) and external parties in certain circumstances, including but not limited to:
- Poly’s suppliers and service providers who provide systems, maintenances, and products which enable and support Poly’s business activities;
- Poly’s financiers, lenders and insurers;
- business partners for the purpose of relevant regulatory approvals;
- Australian regulatory bodies or other government agencies as agreed to or required by Australian law; and
- any other relevant parties which Poly may be required under the Legislation or other Australian law to provide the information.
Poly will not sell personal information to external entities for profit.
Poly may use or disclose personal information (other than sensitive personal information) about an individual for the purpose of direct marketing if:
- Poly collected the information from the individual;
- the individual would reasonably expect Poly to use or disclose the information for that purpose;
- Poly provides simple options to the individual who may easily request not to receive direct marketing communications from Poly; and
- the individual has made such a request from Poly.
Poly may use or disclose sensitive personal information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.
If Poly uses or discloses personal information about an individual:
- for the purpose of direct marketing by Poly; or
- for the purpose of facilitating direct marketing by other entities;
the individual may:
- if paragraph 6.3(a) applies — request not to receive direct marketing communications from Poly; and
- if paragraph 6.3(b) applies — request Poly not to use or disclose the information for the purpose referred to in paragraph 6.3(b); and
- request Poly to provide its source of the information.
If an individual makes a request under paragraph 6.4, Poly will give effect to the request within a reasonable period after the request is made.
Cross-border Disclosure of Personal Information
Poly may disclose personal information to parties outside of Australia as Poly is a foreign-owned entity and has affiliates globally. Poly will limit the disclosure of personal information under circumstances that are necessary, and will do so in accordance with the Australian Privacy Principles. Poly will also take necessary reasonable steps to ensure that the recipients of personal information have an appropriate data management mechanism in place.
Security of Personal Information
Poly will take reasonable steps in the circumstances to protect the personal information:
- from misuse, interference and loss; and
- from unauthorised access, modification or disclosure.
- Poly holds personal information about an individual;
- Poly no longer needs the information for any purpose for which the information may be used or disclosed by Poly; and
- Poly is not required by or under the Legislation or an Australian law, or an order of a court or tribunal, to retain the information,
Poly will take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
Access to Personal Information
An individual can make a request in writing to Poly to access that individual’s personal information which may be held by Poly, provided the individual provides Poly with proof, to Poly’s satisfaction, of the identity of the individual making the request.
Poly may impose a charge for processing such request if it is necessary for Poly to expend time and resources to answer the request – otherwise, making the request is free of charge.
If the request to access personal information is not permitted by the Legislation or an Australian law, Poly will deny the request and provide the individual with a reason for such decision.
Correction of Personal Information
An individual can make a request in writing to Poly to change the personal information held by Poly about that individual that the individual believes to be inaccurate, out-of-date, incomplete, irrelevant or misleading.
If Poly is of the view that the personal information should not be changed, Poly may refuse to do so by providing the individual with reasons for such a decision.
If the individual disagrees with Poly’s view in paragraph 10.2, the individual can request a statement to that effect to be linked to the individual’s personal information and Poly must make keep that statement so linked.
Poly has an internal complaints management system to deal with complaints in relation to the handling of any individual’s personal information.
Please forward any complaints in writing to: firstname.lastname@example.org
Changes in the Future