Polonious Pty Ltd is required to comply with the Privacy Act 1988 (Privacy Act) and with the Australian Privacy Principles (APP) (subject to the other provisions of the Privacy Act). The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal. Polonious Pty Ltd is also required to comply with the Spam Act 2003 (Spam Act).
What is personal information?
Personal information is information or an opinion, in any form and whether true or not, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. Examples include an individual’s name, address, contact number and email address.
Special provisions apply to the collection of personal information which is sensitive information. Sensitive information includes (for example) information about a person’s membership of a professional or trade association.
Collection of personal information by Polonious Pty Ltd
To the extent required by the Privacy Act:
- Polonious Pty Ltd will not collect personal information about you unless that information is necessary for one or more of our functions or activities
- Polonious Pty Ltd will collect personal information only by lawful and fair means and not in an unreasonably intrusive manner
When Polonious Pty Ltd collects personal information directly from you, we will take reasonable steps at or before the time of collection to ensure that you are aware of certain key matters, such as the purposes for which we are collecting the information, the organisations (or types of organisations) to which we would normally disclose information of that kind, the fact that you are able to access the information and how to contact us (for example, where personal information is collected on a form, we will generally include a written privacy statement on the form which sets out these details).
Polonious Pty Ltd will collect your personal information directly from you where it is reasonable and practicable to do so. Where Polonious Pty Ltd collects information about you from a third party, we will still take reasonable steps to ensure that you are made aware of the details set out above.
Use and disclosure of personal information by Polonious Pty Ltd
If Polonious Pty Ltd uses or discloses your personal information for a purpose (secondary purpose) other than the main reason for which it was originally collected (primary purpose), to the extent required by the Privacy Act, we will ensure that:
- the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that Polonious Pty Ltd would use or disclose your information in that way;
- you have consented to the use or disclosure of your personal information for the secondary purpose:
- the use or disclosure is required or authorised by or under law; or
- the use or disclosure is otherwise permitted by the Privacy Act (for example, as a necessary part of an investigation of suspected unlawful activity)
Why does Polonious Pty Ltd collect personal information?
Polonious Pty Ltd collects personal information for a range of purposes, including to:
- process credit applications
- provide information, quotes, etc on products and services
- facilitating our business operations – eg: for managing our IT infrastructures, databases, websites and statistical and maintenance purposes
- notify customers and business partners about Polonious Pty Ltd events
- dealing with feedback and complaints
- any other purpose communicated to you at the time we collected your personal information or as required or permitted by law
From time to time, Polonious Pty Ltd surveys its customers and business partners on a range of issues such as marketing surveys regarding products and services or surveys to determine customer experience with Polonious Pty Ltd’s customer service. These surveys help us to identify and analyse the areas of improvement for our business and the quality of our products and services. If you do not wish to participate in these surveys, please advise us via the feedback details on our website.
If you are a prospective customer and you give us your consent, we may also use your personal information to provide you with information about Polonious Pty Ltd and our current and future products and services. You can advise us at any time if you no longer wish to be contacted for this purpose. Your consent will remain current until you advise us otherwise.
How might we contact you?
We may contact you in a variety of ways, for example by post, email, SMS etc.
We will not send you any commercial electronic messages such as SMSs or emails unless this is permitted by the Spam Act (for example, if we have your express or inferred consent to do so). Any commercial electronic message that we send will identify Polonious Pty Ltd as the sender and will include our contact details. The message will also provide an unsubscribe facility. If you do not wish to receive commercial electronic messages from us, please let us know (our contact details are provided at the end of this policy).
When does Polonious Pty Ltd disclose personal information to third parties?
In performing our functions and activities, we may need to disclose personal information to third parties.
Third parties with whom Polonious Pty Ltd may share your personal information include, where appropriate:
- financial institutions for payment processing
- Polonious Pty Ltd’s contracted service providers, including:
- information technology service providers;
- printers and distributors of direct marketing material; and
- external business advisers (such as auditors and lawyers)
Data quality and security
To the extent required by the Privacy Act, Polonious Pty Ltd will take reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, complete and up to date
- protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure
- destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Privacy Act
Polonious Pty Ltd will generally provide individuals with the option of not identifying themselves when entering into transactions when it is lawful and practicable to do so.
Use of Commonwealth government identifiers
Polonious Pty Ltd will not use Commonwealth government identifiers (Identifiers) (such as Medicare numbers) as its own identifier of individuals. We will only use or disclose Identifiers in the circumstances permitted by the Privacy Act.
Transfer of personal information overseas
Polonious Pty Ltd will comply with requirements of the Privacy Act that relate to trans-border data flows.
Access and correction of your personal information
Please contact Polonious Pty Ltd if you would like to access or correct the personal information that we hold about you.
To protect your privacy and the privacy of others, we will need evidence of your identity before we can grant you access to information about you or change it.
Polonious Pty Ltd will generally provide you with access to your personal information (although a fee may be imposed), and will take reasonable steps to amend any personal information that is incorrect. In some circumstances, Polonious Pty Ltd may not permit access to your personal information, or may refuse to correct your personal information, in which case we will provide you with reasons for this decision.
Please contact Polonious Pty Ltd if you have any queries about the personal information that Polonious Pty Ltd holds about you or the way we handle that personal information. Polonious Pty Ltd’s contact details for privacy queries are set out below.
Attention: Privacy Officer, Suite 1, 20 Falcon Street, Crows Nest 2065
Phone: (02) 8916 6445
Please contact the Privacy Officer using the above details if you have any concerns or complaints about the manner in which your personal information has been collected or handled by Polonious Pty Ltd.
The key principles underpinning our policy are:
- Individual acceptance of personal accountability and responsibility for consistently delivering agreed services
- Making every effort to follow all agreed customer requirements and all statutory and regulatory requirements related to the service being offered
- Continual monitoring and reporting of all agreed service quality and performance indicators
- Recognition of individuals who demonstrate excellence or innovation in service delivery
We maintain and continuously improve an Integrated Management System that complies with the requirements of ISO 9001:2015.
Our quality objectives are to:
- Consistently and efficiently deliver services to our customers that comply with their specifications and relevant standards
- Resolve customer, employee and supplier queries promptly and in a friendly manner
- Give our customers the utmost confidence in our products/services and ability to meet their needs
To achieve these objectives, we shall act to:
- Ensure high levels of management and staff involvement in all operational aspects
- Continuously engage all stakeholders in meaningful consultation and communication
- Measure our performance and use this information for the continual improvement of our services and Integrated Management System
Polonious’ quality policy is applicable to our CEOs, employees, contractors and to any person or organisation that represents us as well as suppliers in the conduct of their activities for an on our behalf. This policy together with the measurable objectives and targets will be reviewed on an annual basis to ensure that it remains relevant and suitable to the operations.
Information Security Policy Statement
The security of information in all its forms is of the utmost importance to Senior Management. We acknowledge that as an organisation, we can minimise information security risks through the preservation of confidentiality, integrity and availability of information. This gives confidence to interested parties that risks due to potential incidents are adequately managed. Our ultimate goal to continually improve Integrated Management System performance within the business.
In order to achieve this, the following information security objectives have been established:
- Strategic and operational information security risks is understood and treated to be acceptable to Polonious Pty Ltd
- The confidentiality of client information, product development and marketing plans is protected
- The integrity of company records is preserved
- Public web services and internal networks meet specified availability standards
To achieve these objectives, we shall act to:
- Communicate this policy to all existing employees and to new employees upon commencement
- Comply with all legislative and other requirements which are relevant to Polonious Pty Ltd
- Make our commitment information security and confidentiality visible to all interested parties
- Maintaining a Management System which meets the requirements of ISO 27001:2013.
This policy is the overarching statement of Polonious Pty Ltd’s commitment to information security which is supported by an Integrated Management System that encompasses additional policies that cover specific information security topics. This policy, together with the objectives and targets set, will be reviewed on an annual basis to ensure that it remains relevant and suitable to be operations of Polonious Pty Ltd.