Chur Holdings Pty Ltd
Last Updated 3 April 2019
1. OUR COMMITMENT TO YOUR PRIVACY
1.1. Under the Privacy Act 1988 (Cth) (“the Act”) and the Australian Privacy Principles (“APP”), Chur Holdings Pty Ltd and its associated entities (“the Company”) have obligations in respect to the collection, storage and use of personal information.
1.2. The APP is designed to protect personal information about individuals and sets in place a framework and guidelines about how to deal with this information. APP 1.3 requires the Company to have a clearly expressed and up-to-date APP policy describing how it manages personal information. Further, in February 2018 the Notifiable Data Breaches (“NDB”) Scheme was introduced under Part IIIC of the Act. The NDB establishes requirements and compliance mechanisms for entities in responding to data breaches.
1.3. As at 25 May 2018, the General Data Protection Regulation (EU) 2016/679 (“GDPR”) was introduced providing increased transparency for data protection for all businesses transferring data to the European Union. While the GDPR and the APP share some similarities, the Company is providing robust privacy policies and procedures for its staff and clients.
1.6. The Company is committed to protecting the privacy of:
- (a) clients who utilise the services of the Company and utilise the Company’s Website, Google Play and/or Apple Iphone Application and/or Andriod Application (“Clients”);
1.8. More information on your rights under Australian law are available from the Office of the Australian Information Commissioner (“OAIC”) at https://www.oaic.gov.au/.
2. WHAT INFORMATION DOES THE COMPANY COLLECT AND HOW DOES IT USE IT?
2.1. The Company may collect anonymous information when you interact with our Website or Application, such as your browser name, IP address, device type, operating system and web log information and shall hold such information for the purposes of providing Services.
2.2. Such information will be held in a secure manner. Where applicable, and to the best of the Company’s knowledge, all computers, equipment or devices have the required security protections in place to safeguard and protect any personal information that is held by the Company.
2.4. When you set up a Service Account or a Service Provider Account with the Company through the Website or Application, the Company may collect in addition to the Service Provider Account Details and Service Account Details:
- (a) alternative contact information;
- (b) medical information;
- (c) publicly available information which may relate to Service Provider or Client’s activities in Australia;
- (d) credit references;
- (e) next of kin and other information;
- (f) your demographic information such as postcode, preferences and interests; and
- (g) other information relevant to customer surveys and/or offers.
3. PURPOSES FOR WHICH INFORMATION IS COLLECTED, HELD, USED AND DISCLOSED
3.1. We require this information, including your personal information to effectively provide services to you and understand the needs and requirements of our Clients (“Primary Purpose”).
2.5. The Company may also collect personal information directly from you in circumstances where you make direct contact with us by telephone, in writing, or via our Website or Application. The Company will only use personal information collected in this manner for the purpose of communicating with you or for the purposes of the provision of Services provided to the Client.
3.2. The Company will only gather information for its Primary Purpose of providing an effective Service to our Clients and may utilise the information to:
- (a) keep an internal record keeping, including tracking of sales, accounting and analytics.
- (b) customise the Website and Application to our Client’s best interest.
4. SENSITIVE INFORMATION
4.1. The Company does not collect the following information which is deemed to be ‘sensitive information’ under the Act:
- (a) information or an opinion about any individual’s racial/ethnic origin, political opinions, membership of political associations, religious beliefs or affiliations, philosophical beliefs, membership of professional or trade associations, membership of trade unions, sexual orientation or practices, or criminal record.
- (b) health information about an individual to the extent that it is not relevant to the Company’s Primary Purpose;
- (c) genetic information;
- (d) biometric information; or
- (e) biometric templates.
5. STORAGE OF INFORMATION
5.1. The Company has adopted appropriate data collection, storage and processing practice, and has put in place security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information and data stored on the Website or Application and servers.
5.2. The Company will only hold your personal information for as long as is reasonably necessary for the purpose for which it was collected, or to comply with any applicable legal or ethical reporting or document retention requirements.
6. SHARING OF PERSONAL INFORMATION
6.1 The Company may disclose, share or transfer personal information about Clients for the purpose of the Company fulfilling its Primary Purpose, including making enquiries to the relevant authorities to ensure that you meet the requirements under the Company’s T&C, in order to carry out the Services.
6.1. The Company may disclose share or transfer personal information about its Clients for the purpose of the Company fulfilling its Primary Purpose in circumstances where:
- (a) you have asked for credit to credit reporting bodies and other third parties, for the purposes of:
- i. assessing an application for credit;
- ii. obtaining a credit report;
- iii. notifying other credit providers of a default by you;
- iv. exchanging information with other credit providers as to the status of this credit account, where you are in default with other credit providers; and/or
- v. assessing your creditworthiness including your repayment history in the preceding two years;
- (b) we are required to do so by law;
- (c) we receive a lawful request from law enforcement agencies or other government officials;
- (d) we believe disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity; or
- (e) you have consented or directed us to do so.
6.2. Some of the organisations referred to above are located outside Australia. By submitting your personal information, you expressly consent to the Company disclosing this information to those organisations and to its storage outside of Australia.
6.3. The Company will take reasonable steps to ensure that each organisation the Company discloses your personal information to, is committed to protecting your privacy. By allowing the Company to disclose your personal information to other organisations, you also consent to the terms and conditions and privacy policies of these entities, which are available upon request. Please be aware that your personal information may continue to be used by third party organisations following termination of our agreement with them.
6.4. You must not include any personal information about other people in any content that you provide to the Website or Application, unless such people have expressly provided their consent to you to disclose their personal information in such content, and to you providing the content to us for use on the Website or Application.
7. DATA BREACHES
7.1. In accordance with the NDB, the Company is aware of its responsibilities to notify its Clients in the event of a potential data breach that may cause serious harm to them. Further, in the event the Client is located in the European Union (“EU”), the Company acknowledges that any potential data breaches will be safeguarded by the provisions of the GDPR.
7.2. While the Company will take all reasonable endeavours to secure your data, there is the possibility of unauthorised access to, unauthorised disclosure of, or loss of your personal information that we hold (“Data Breach”).
7.3. Under the NDB, where the Company has reasonable grounds to believe that there has been a Data Breach, and that it is likely to cause serious harm to one or more individuals, the Company will:
- (a) notify the OAIC by way of the prescribed statement; and
- (b) either:
- i. notify all individuals whose personal information was part of the eligible Data Breach; or
- ii. notify only individuals at risk of serious harm from the eligible Data Breach; or
- iii. if the above isn’t practicable, publish a copy of the statement on the Website or Application and take reasonable steps to publicise the contents of the statement.
7.4. Where the Company suspects a Data Breach has occurred, the Company will immediately conduct an investigation and if one is found, the Company will follow the above procedure.
7.5. For more information on the NBD scheme, please see https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme.
8. THIRD PARTY WEBSITES AND CONTENT
8.1. This Website or Application may contain links to other websites (“Third Party Websites”) and the Company may display content or information from other websites within frames on the Website or Application.
8.2. The Company is not responsible or liable for the handling, use or disclosure of any personal information collected by a third party (including information collected through a Third Party Website), and to the extent permitted by law the Company disclaims any liability resulting from the third party’s failure to handle, use and disclose your personal information in accordance with the Act.
9. ACCESS TO THE PERSONAL INFORMATION WE HOLD ABOUT YOU
9.1. You may request details of personal information which we hold about you. If you would like a copy of the information held on you, please email us at firstname.lastname@example.org or email@example.com (“Email Address”). If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible at the Email Address.
9.2. We will promptly correct any information found to be incorrect.
10.1. A cookie is a small file which is stored on a user’s computer. It is designed to hold a modest amount of data specific to a particular client and website. A cookie will ask you permission to be allowed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
10.2. We may use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve the Website or Application in order to tailor it to Clients’ needs.
10.3. Overall, cookies help us provide you with a better Website or Application by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the Website and Application.
11. AMENDMENT OF THIS POLICY