2. The kind of information we collect
If you are a job applicant or a potential employee of CRM, then we may be provided with your CV, birth date, contact details and other background information. We may store this information in a secure physical location and on our data base.
If you are a supplier of CRM, or a representative of a supplier, then CRM will collect your name, contact details, bank details, background checks and any other information that you have consented to provide and which is reasonably necessary for you to carry out your functions.
3. How we hold, use or store your information
Where we store your information as a part of our services or to enable us to provide our services, we have developed security measures at the physical site and have developed and implemented global standard operating procedures that cover the handling and storage of your information. These procedures are in turn localised to effectively ensure Australian standards are adhered to. Internally we have developed a set of standards to ensure our policies and procedures meet or exceed industry and government legislative requirements. In some cases, you may be using services that involve digital storage of your information, whether it is in the form of cloud storage, or as a result of us carrying out scanning or data restoration services. In these cases, we may use the following measures:
• Secure work environments and workflow systems that prevent unauthorised access and copying of your personal information.
• Ensuring that all of our employees perform their
duties in a manner that is consistent with our legal responsibilities under the Privacy Act.
• Ensuring that paper and electronic records containing Personal Information are stored in facilities that are only accessible by authorised employees.
• Secure server and network environments.
• Virus scanning tools.
• Encryption of data.• Access logging tools that protect against unauthorised access to your data and our network.
• Ongoing security reviews.
When we scan information on your behalf, the scanned images will be retained on our data servers until sent to you and will then be deleted 30 days thereafter. Our data servers are located in Australia. Wherever your personal information is stored, it will be accessed by authorised personnel only to provide technical support or to carry out other functions reasonably necessary to provide the services. This information will not be disclosed or used in any other way without your express authorisation. The digital world is constantly changing, so while these measures have been successful to date, the nature of the medium means that they cannot always be relied upon to be effective. CRM will keep striving to maintain the security of your digital personal information.
Suppliers and candidates
We will store the information that you provide us in a secure physical location or on our data servers which are located within Australia.
4. Why we collect personel information.
We collect personal information from you, or store any information that you give to us, in order for us to carry out the services we have been contracted to provide. We will also use the personal information in order to provide you with news of updated products and services, provide you with news of any marketing campaigns and where it is reasonably necessary for any other related business or marketing purposes. Having your personal information makes it easier for CRM to discuss our services with you and to contact you in a timely manner should we need to. Other reasons we collect personal information are to:
• Manage our business, including hiring staff.
• Comply with our legal obligations.
• Deal with you as a contractor providing services to CRM.
5. How we collect personal information
You may also have provided us with personal information when you requested us to undertake the conversion of documents from a physical format to a digital format.
We may receive personal information from your employers. Or, if you are a potential candidate, we may receive your CV and other background checks from a recruitment agent. You may also have directed others to provide personal information to us on your behalf, for example, the results of medical checks and police background checks. If we have knowledge of the personal information provided to us (as opposed to being provided with material for the purposes of storage) we will take reasonable steps to make sure you are aware that we have your personal information, how we received it and how we will manage it. Through our website and emails If you visit the CRM website, we may collect various non-personal information, such as internet protocol (IP) addresses, the date and time of website visits, the web pages reviewed, any links that you access through emails sent to you and any documents downloaded and the type of browser and operating system used to access the website. Where such information is collected, it may be used and disclosed by us, but only in an anonymous, aggregated form where no individuals are identified. While this information is not of a personal nature, it may become so when analysed or aggregated together with other information, which could lead to the identification of an individual. If this was to happen, we will inform you that we hold information that is capable of identifying you.
6. How to access your personal information
You are entitled to request access to the personal information that we may hold (subject to the exceptions which may apply under the Privacy Act, such as where access to such information may pose a threat to someone’s life), or you may simply want to know what sort of personal information we hold and for what purposes and how we collect, hold, use and disclose that information. If so, you should direct a written request to firstname.lastname@example.org and we will respond within a reasonable time. If we refuse to provide you with access to your personal
information, we will provide you with reasons for the refusal. If you are a representative of a customer and we hold personal information that we collected directly from you then, there is generally no cost for accessing the personal information we hold about you, unless the request is complex or resource intensive. If there is a charge, it will be reasonable, and we will let you know what it is going to be so that you can agree to it before we go ahead. If you feel that the information that we hold is incorrect or outdated, then we will take all reasonable steps to correct that information. However, where that information is held as part of the materials that you store with us, access to that information will be charged at your standard rates for retrieval and refiling.
7. Who we may share information with.
In the event of non-payment of CRM’s invoices, we may provide personal information to third party debt collectors. We have partnered with a trusted partner to provide digital services We have taken all reasonable measures to ensure that this partner does not breach the obligations under the Privacy Act. The partner limits their access to your personal information to the extent necessary to do their job. Personal information that we have collected directly from you, your personnel or from other representatives of your company are stored on servers in Australia. The content management suite of digital services that we sell is backed up to servers in Australia. By providing your personal information to us, you consent to the transfer of that information.
8. Legal disclosure of personal information
We may disclose personal information in circumstances where we are obliged to do so under Australian law, for example, where we have been provided with a subpoena or warrant that requires access to the information.
9. Data breaches and mandatory notification
CRM will comply with the data breach notification laws in respect of personal information provided directly to it, where it is able to assess whether an eligible data breach (as defined in the Privacy Act) has occurred and which has the potential to cause serious harm to an individual. Where CRM is not able to assess what, if any, harm may be caused by a suspected or actual data breach, for example, in circumstances where CRM provides storage and other related services for a customer and CRM does not know and is not in a position to discover whether such storage or other related services involves the processing of personal information, then CRM will take all reasonably necessary steps to assist the customer to uphold the customer’s obligations to notify any affected individuals and the Office of the Australian Information Commissioner. This will include timely notification to the customer and a description of the actual or suspected data breach.
10. What happens if we no longer need your personal information?
Where CRM no longer provides services to you or where the personal information is no longer reasonably necessary for us to carry out the services, then the information will be securely destroyed in our secure destruction facility or will be permanently deleted from our system.
11. Marketing by Centralian Records Management
We market our services using email, mail and phone. We will provide you with clear advice as to how you may opt out of any marketing activities that we conduct, but where you do not opt out; you will be taken to having consented to us marketing our services to you.
Any queries or complaints in relation to how we collect, use, disclose, store or destroy your personal information should be directed to email@example.com We will take your query or complaint seriously and respond within a reasonable time to address your concerns or questions.
14. More information
For any more information about the Privacy Act or your rights, please visit the website of the Office of the Australian Information Commissioner, at www.oaic.gov.au.
Centralian Records Management, 12 Hele Crescent, Ciccone, NT 0870