This Policy explains how PortxGroup complies with the requirements of the Privacy Act 1988 (Cth) (the Act) in relation to the collection, storage, use and disclosure of personal information. This Policy does not apply to employee records which are generally excluded from the requirements of the Act.
2. Whose personal information does PortxGroup collect?
PortxGroup may collect personal information from individuals including:
- business contacts, employees and contractors of its customers;
- website users;
- potential employees.
3. Why does PortxGroup collect personal information?
PortxGroup will only collect personal information when it is necessary for one or more of its business or operational purposes (primary purpose). These business or operational purposes may include:
- considering requests and inquiries for service solutions and making arrangements for rental, maintenance or sale of equipment;
- administering service solutions including assessing credit applications for rental of PortxGroup equipment, setting up customer accounts, billing and collecting payment;
- recruiting employees and engagement of contractors and consultants;
- engaging service providers, suppliers or contractors; and
- to provide information about PortxGroup’s products and services that PortxGroup believes may be of interest to you.
In collecting personal information, PortxGroup will act lawfully and fairly. You may choose not to provide PortxGroup with the information requested. However, this may mean that PortxGroup is unable to provide you with services or information.
4. What type of personal information does PortxGroup collect?
Generally, the main types of information PortxGroup collects relates to potential employees and business contacts for customers and suppliers, such as employees or officers of customers and suppliers. The types of personal information collected includes:
- general identification and contact details such as name, address, email address and phone number;
- bank details, credit/debit card number and expiry date;
- financial details;
- credit information;
- tax file number;
- information about work history, qualifications and skills; and
- opinions of others (such as former employers, referees, etc.) about work performance (whether true or not).
The Act protects sensitive information. ‘Sensitive information’ is a form of personal information and includes information or opinions about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation or criminal record.
Where PortxGroup needs to collect sensitive information about you (including, among other things, information about health, medical history or specific conditions, criminal records and professional memberships), this information will only be collected with your consent. Sensitive information will only be processed by PortxGroup if such processing is necessary to comply with occupational health and safety or equal opportunity laws and regulations.
5. How does PortxGroup collect personal information?
PortxGroup collects most personal information directly from individuals, such as when they engage with PortxGroup in relation to equipment rental, sales and service. The personal information collected may be provided on forms filled out by individuals, face to face meetings, e-mail messages, through PortxGroup’s website or telephone conversations. If you contact PortxGroup, PortxGroup may keep a record of that contact.
There may be other occasions when PortxGroup collects your personal information from other sources such as credit reporting agencies (in the case of customers and prospective customers), pre-employment service providers and public records including publicly available information on social media or similar sites. Generally, PortxGroup will only collect your personal information from such sources if it is not reasonable or impracticable to collect the personal information from you.
If PortxGroup receives unsolicited personal information (including sensitive information) about you, it will assess whether it could have collected the information in accordance with section 3 above and, if not, the information will be destroyed or de-identified.
6. How does PortxGroup use personal information?
PortxGroup may collect and use your personal information to:
- provide you with information or products and services that you have requested;
- conduct credit assessments;
- handle payments and credits;
- communicate with customers and suppliers about their accounts;
- respond to applications, questions, requests or complaints that you have made to PortxGroup;
- improve customer experience and undertake market research;
- if you have applied to work with PortxGroup, assess your application;
- investigate possible fraud and illegal activity;
- comply with laws, including assisting government agencies;
- conduct investigations as may be necessary in connection with PortxGroup’s business; and
- otherwise manage PortxGroup’s business.
Without the requisite personal information in the circumstances, PortxGroup may not be able to do these things. For example, it may not be able to deliver products or services requested, or respond to your questions.
7. Disclosing personal information
PortxGroup will only use and disclose personal information for the purpose for which it was collected. PortxGroup may use and disclose personal information for another purpose (secondary purpose) if the person to which the personal information relates has consented to the disclosure or the secondary purpose is related to the primary purpose and might reasonably be expected by that person. When PortxGroup does this, it takes steps to keep information safe.
The circumstances in which PortxGroup may disclose your personal information to another organisation are limited, but include:
- when PortxGroup believes it is necessary to provide you with a service which you have requested;
- when you have provided your consent, to credit assessment agencies;
- in the context of insurance investigations;
- to PortxGroup’s customers, where required in order to provide a specific service to that customer; and
- third party service providers where required for the provision of a specific service.
PortxGroup may use or disclose personal information should it be required to do so by law or use or disclosure is permitted by the Act (including law enforcement or public safety).
PortxGroup also shares personal information with people and organisations that help it with its business, such as professional advisors, IT support, and corporate and administrative services including debt collectors. PortxGroup only does this where it is needed in order for those services to be provided. When PortxGroup does this, it takes steps to require its service providers to protect your information.
8. PortxGroup will not use your e-mail address for spam purposes
PortxGroup may contact you at the email or other address which you provide it in order to provide you with updated information about PortxGroup or its businesses.
If you are receiving information from PortxGroup and do not wish to continue receiving this information, please contact PortxGroup using the contact details in section 15 below.
9. PortxGroup’s website privacy practices
PortxGroup may use cookie technology on its website to provide information and services to website visitors. Cookies are pieces of information that a website transfers to a user’s computer hard disk for record keeping purposes and are a necessary part of facilitating online transactions. Most web browsers are set to accept cookies. Cookies are useful to determine the overall traffic patterns through PortxGroup’s website.
10. You can access the information PortxGroup keeps about you
If at any time you want to know exactly what personal information PortxGroup holds about you, you may request access by contacting PortxGroup at the address in section 15 below. Before providing you any information, PortxGroup will need to confirm your identity. PortxGroup will try to make your information available within 30 days after you ask for it. If it is likely to take longer than 30 days, PortxGroup will contact you.
In some cases, PortxGroup can refuse access or only give you access to certain information. If PortxGroup refuses access to information, an explanation for the decision will be provided, along with the exceptions relied upon for refusing access.
Please contact PortxGroup if at any time you wish to change personal information held by it that is inaccurate or out of date. If PortxGroup considers it is not necessary to correct the information, you will be provided with an explanation. You can ask PortxGroup to include a statement that you believe its record about you is inaccurate, incomplete, misleading or out of date.
If lawful and practical to do so, you will have the option of not identifying yourself when dealing with PortxGroup. However, if you elect not to be identified, PortxGroup may be unable to provide you with services or information or address your query.
12. Making a privacy complaint
If you are concerned about how PortxGroup has handled your information, please contact PortxGroup and PortxGroup will try and take steps to address your concern. If you are not satisfied with how PortxGroup has handled your complaint, you can contact the Australian Privacy Commissioner.
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone:1300 363 992
13. Storage and security of your personal information
PortxGroup stores personal information in various ways, including electronic and hard copy form. If no longer required, it will destroy or de-identify personal information. PortxGroup only keeps personal information for as long as it is needed.
The security of personal information is important to PortxGroup and, accordingly, reasonable steps are taken to keep secure and protected from unauthorised access, modification or disclosure, any information which PortxGroup holds about you.
PortxGroup uses a number of means to protect your personal information, including:
- training selected staff on how to keep your information safe and secure where those staff hold positions which require them to have access to personal information;
- security measures at external and internal premises that are designed to restrict access to personal information and ensure that your information is not capable of being seen or modified by unauthorised persons;
- regular review and testing of PortxGroup’s technology in order to improve the level of security; and
- physical controls to prevent access to PortxGroup’s offices by unauthorised persons.
Despite PortxGroup’s efforts, no security controls are 100% effective and it cannot ensure or warrant the security of personal information.
If there is a data breach, PortxGroup will deal with it without delay and take immediate steps to assess, remediate and if necessary make notifications in respect of any potential or actual breach.
PortxGroup currently operates across Australia however, at times, it may use international service providers. As such, some disclosures may occur outside the state or territory in which you reside and may, from time to time, include disclosures to related entities or service providers in China, Hong Kong, New Zealand, United Kingdom and Europe. PortxGroup will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles.
14. Handling of data breach
PortxGroup takes reasonable steps to protect the personal information which it holds from misuse, interference and loss; and, from unauthorised access, modification or disclosure.
A “data breach” is when personal information held by PortxGroup is lost or subjected to unauthorised access, modification, disclosure, or other misuse of interference. Examples of a data breach are when a device containing person information of customers is lost or stolen, PortxGroup’s database containing personal information is hacked or an entity mistakenly provides personal information to the wrong person.
- there is unauthorised access to, or unauthorised disclosure of, personal information, and the access or disclosure would be likely to result in serious harm to any of the individuals to which the information relates; or
- personal information is lost in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur, and if it did occur it would be likely to result in serious harm to any of the individuals to which the information relates,
then there has been an “eligible data breach” under the Act.
If PortxGroup has reasonable grounds to suspect that there may have been an eligible data breach in relation to personal information which it holds, PortxGroup will carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach.
If, by reason of such assessment or otherwise, PortxGroup is or becomes aware that there are reasonable grounds to believe that there has been an eligible data breach in relation to personal information which it holds (or held), PortxGroup will comply with its notification requirements under the Act. This may mean that PortxGroup notifies individuals to whom the relevant information relates.
15. Who to contact?
If you have any queries relating to this Policy, or you have a problem or complaint, please contact the Company Secretary of PortxGroup Pty Ltd at:
Level 1/ 1 Queens Road
Melbourne, VIC 3004 Australia
If you wish to make a complaint, please provide your contact details and information regarding the complaint. PortxGroup may need to contact you to obtain further information.
Complaints will be investigated and PortxGroup will provide the outcome an investigation in writing.
PortxGroup will seek to resolve complaints as soon as practicable. If you are not satisfied with the outcome of your complaint, you can refer the complaint to the Office of the Australia Information Commissioner.
16. Future changes
PortxGroup reserves the right to change this Policy at any time and notify you by posting an updated version of the Policy on its website www.portxgroup.com Any updated Policy will supersede all previous Policies.