1. POLICY COMMITMENT
We are committed to protecting your privacy and Personal Information when you deal with us and ensuring that it collects, stores and deals with your Personal Information appropriately and lawfully, including in accordance with the relevant privacy legislation.
- what types of Personal Information we collect and hold;
- the purposes for which we collect, hold, use and disclose Personal Information;
- how we collect and hold Personal Information;
- how and under what circumstances we disclose Personal Information;
- the measures we take to safeguard your Personal Information
- your rights in relation to your Personal Information, including how you may access, update, and/or complain in relation to the Personal Information that we hold in relation to you and seek any correction to that information;
- how the we collect, use, store and disclose credit information and commercial credit eligibility information; and
- disclosure of Personal Information to overseas recipients.
This policy was last updated on 12 November 2018.
3. DEFINITION OF PERSONAL INFORMATION
“Personal Information” means any information or opinion (whether true or not) relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.
4. PURPOSE OF COLLECTING, HOLDING OR USING PERSONAL INFORMATION
We collect, hold, disclose and use your Personal Information where it is reasonably necessary for us to carry out our business functions and activities and as necessary to provide our services to you. We also collect, hold, use and disclose your Personal Information for related purposes that you would reasonably expect.
For example, we may use your Personal Information to:
- provide you with booking services;
- administer the EPH Group relationship with you including responding to queries;
- internal administrative purposes, such as but not limited to procedural assessment, credit approval, risk management, staff training, accounting, billing, product and service reviews;
- determine the provision of credit in accordance with the terms of the EPH Group Application For Commercial Credit;
- assess or exchange information relating to your creditworthiness, credit history or credit capacity in accordance with the terms of the EPH Group Application For Commercial Credit;
- assist in the collection of overdue payments;
- comply with legislative requirements such as under the Personal Property and Securities Act 2009 (Cth);
- monitor activity on our website(s);
- identify and inform you about other products or services that may be of interest to you;
- provide you with information about products, services and offerings that may be of interest to you; and
- distribute our newsletters and other communications either directly or with the assistance of third party services providers.
We may also use your Personal Information for purposes which are required by law such as sharing your Personal Information in order to comply with legal obligations to which we are subject.
If we do not collect, hold, use or disclose your Personal Information, or if you do not consent, then we may not be able to assist you or provide our services to you to the best of our ability.
5. TYPES OF PERSONAL INFORMATION THE EPH GROUP COLLECT AND HOLD
The types of Personal Information we may collect from you and hold include (without limitation):
- your name, gender, date of birth, contact details, image, drivers licence, copy signature;
- payment details (such as credit/debit card number and expiry date) provided in connection with the purchase of our products and services;
- insurance provider’s details,
- company details, company contact details, business premises details;
- your trade references;
- financial details including annual earnings, bank account details
- details of the products and service provided;
- credit history information;
- information about any application for commercial credit you make with us including the amount of commercial credit you apply for;
- commercial credit reporting information about you from a credit reporting body; and
- any other information you provide to us via our website, by email, over the phone or otherwise.
6 HOW THE EPH GROUP COLLECTS PERSONAL INFORMATION
Information collected directly from you
We may collect Personal Information from you or about you when you use our services or purchase our goods, make or update a booking to use our services, register to receive the EPH Group newsletters or other communications, visit the our websites, our Facebook page or other multimedia platform or otherwise interact with the EPH Group.
Information we collect automatically
We may automatically collect information from you and your devices when you use our websites or online services. This may include your IP address, the type of browser and device you use to access the websites, the web page you visited before coming to our websites, and other identifiers associated with the device you used to access our websites.
We note that our websites are not designed to respond to “do not track” signals received from browsers.
Information we collect from third parties
As well as collecting information directly from you, there may be occasions when we collect information about you from a third party. These third parties may include:
- third parties making bookings on your behalf, or who otherwise interact with us on your behalf, including when you make an inquiry with a representative agent but do not proceed to a booking;
- other related entities to the EPH Group;
- credit providers and credit reporting bodies; and
- publicly available sources of information.
We use technologies like cookies, pixel tags and web beacons to recognise you when you to visit our website or use our online services and to provide, improve, protect and promote our services and products.
What are cookies?
A “cookie” is a small text file which is placed on your computer or device by our webpage servers when you access our websites or online services. The purpose of a cookie is to help analyse web traffic and to allow our services to respond to you when you return to our services. Cookies are also used to enhance the secure use of our services.
Cookies are frequently used and in themselves do not identify the user, just the computer used.
When you browse our website or use our online services, we may record geographical tagging, cookies and statistical data. This may include your IP address, date and time of your visit, operating system, language preferences, device characteristics, pages visited, information downloaded and type of browser used to access the Services.
Cookies help us:
- recognise your device when you use our websites or online services;
- manage and improve our websites and online services;
- operate, evaluate and improve our business;
- analyse your use of our services;
- help diagnose technical and service problems; and
- gather demographic information about our users.
We also may use “web beacons” on our websites. A web beacon, also known as a pixel tag or clear GIF, may be used to transmit information collected through cookies to our service providers’ servers, such as the server of Google AdWords. These web beacons enable our service providers to compile anonymous information about your browsing activity.
You can choose if and how a cookie will be accepted by configuring your preferences and options in your browser. However, if you decide not to display cookies you may not experience optimum performance of our websites or online services.
8. AD NETWORKS
We may use your information to offer you products and services that we think may be of interest to you, unless you have opted out of marketing communications.
We will never provide your information to third parties for marketing purposes without receiving your consent.
10. LAWFUL BASIS FOR PROCESSING YOUR INFORMATION
We normally collect or use Personal Information from you where we have your consent to do so, where we need the information to perform a contract with you or to provide our services or products to you upon your request, or where the processing is in our legitimate interests and not overridden by your data protection interests or rights and freedoms.
11. HOW THE EPH GROUP HOLD INFORMATION AND KEEP IT SECURE
We hold your Personal Information in a combination of hard copy and electronic files. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your Personal Information is protected from misuse, interference and loss, and from unauthorised access, modification and disclosure.
The steps we take to protect your Personal Information include the following:
- data held and stored on paper is stored in lockable offices and in secure premises;
- data held and stored electronically is protected by internal and external firewalls, limited access via file passwords, and files designated read-only or no access;
- when transferring information to others, we ensure that appropriate and suitable safeguards and data protection measures are in place to protect your personal information;
- the use of firewalls, anti-virus software and ongoing internal monitoring;
- where we disclose personal information to third parties our contractual arrangements with them include specific privacy requirements;
- only authorised personnel will have access to personal information; and
- our staff receive training on privacy procedures.
Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.
You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our website whilst it is in transit over the internet and any such submission is at your own risk.
12. USE AND DISCLOSURE
We understand the importance of keeping Personal Information confidential, and will only disclose such information to others in limited circumstances.
Information shared to third parties
Third parties to which we may disclose Personal Information include:
- credit providers and credit reporting bodies in accordance with the terms of the EPH Group’s Application For Commercial Credit;
- the EPH Group’s professional advisers;
- government and regulatory authorities;
- the EPH Group’s related entities;
- Credit Risk Insurers;
- Trade Credit Insurance Providers;
- Credit Reporting Bodies (default information);
- contractors who provide services to the EPH Group or who manage services provided to an individual on the EPH Group’s behalf (but only to the extent necessary to enable them to provide these services).
Personal Information will generally only be disclosed to third parties in connection with (or for reasons directly related to) any of the purposes set out in this policy or otherwise with your consent. However, we may also be permitted or obligated to disclose Personal Information to other third parties where:
- we reasonably believe that the disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety and it is unreasonable or impracticable to obtain your consent to the disclosure;
- there is reason to suspect that unlawful activity, or misconduct of a serious nature, is occurring and that the disclosure is necessary for us to take appropriate action in relation to this matter;
- we are required or authorized to do so by law and/or an enforcement body; or
- as otherwise permitted by relevant privacy laws.
In the event that we undergo reorganisation or entities of the EPH Group are sold to a third party, any Personal Information we hold about you may be transferred to that re-organised entity or third party in compliance with applicable law.
13. DISCLOSURE TO OVERSEAS RECIPIENTS
We shall not directly disclose your Personal Information to overseas recipients without your prior consent.
14. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
We will only retain your Personal Information for as long as is reasonably necessary in relation to the purposes for which it was collected. We will also retain Personal Information to ensure compliance with any applicable statutory or regulatory obligations imposed on us in relation to the retention of records.
Where you have requested we stop processing your Personal Information for marketing purposes, we may retain a record of your request to ensure we abide by your request in the future.
When your Personal Information is no longer needed, or if you request that we delete any Personal Information which we hold about you, we will use secure methods to destroy or to permanently de-identify your Personal Information when it is no longer needed. For example, paper records are shredded or destroyed securely and any electronic records are deleted from all locations, to the best of our ability, or permanently de-identified.
15. SENSITIVE INFORMATION
Sensitive Information includes information or an opinion about a person’s racial or ethnic origin, political opinions, philosophical or religious beliefs or affiliations, membership of a political, trade or professional association or trade union, sexual preferences or practices, criminal record, health or genetic information, biometric information that is used for the purpose of biometric verification or identification, or biometric templates. We will only collect, hold or disclose Sensitive Information if you have consented or the collection is required or authorized by or under law or a court/tribunal order.
16. CREDIT INFORMATION & COMMERCIAL CREDIT ELIGIBILITY INFORMATION
We collect credit information about you which includes, but is not limited to, your identification information and information about any application for commercial credit you make with us.
We also collect and hold commercial credit eligibility information about you which includes, but not limited to, commercial credit reporting information that we receive about you from a credit reporting body – i.e. Australian Securities Investment Commission extracts adverse or default reports, business summaries and profiles, PPSR Registrations, financial performance reports, trade credit reporting information and trade references.
We may also collect Personal Information about any other applicants and/or guarantors included in your application for commercial credit. If you provide Personal Information about any such third party to us, you confirm that you have authority from the applicable individual(s) to your disclosure of their personal information to us and to our use and disclosure of their Personal Information in accordance with this Policy.
So as to assess an application for commercial credit and your commercial credit standing at any time in the future, we may:
- collect your Personal Information (including information about other applicants and any guarantors (if applicable)) from any application for commercial credit you make with us;
- collect Personal Information (including credit information) about you, any other applicants and any guarantors (if applicable) from other sources including, but not limited to, any of the EPH Group related entities, credit reporting bodies and credit or debt collections agencies; and
- obtain commercial credit reporting information from a credit reporting body about you, any other applicants and any guarantors (if applicable).
We may also use your information and, if necessary, disclose it to third party agencies (including, without limitation, the EPH Group’s credit risk insurers) in connection with any credit insurance arrangements that we choose to implement, as well as, to register any security interest granted to us under the terms of any commercial credit contract that we enter into with you.
We may also obtain commercial credit reporting information from time to time during the continuation of any commercial credit contract that we enter into with you.
We may also receive from and/or disclose to any other credit provider or any credit reporting body, personal information relating to your commercial credit worthiness for the purposes of exchange of information, assessing commercial credit worthiness, and/or notification of default at any time whether now or in the future.
Information we disclose to a credit reporting body (including default information) in accordance with this Policy may be held by such credit reporting body on its system and used to provide its credit reporting services (including maintaining its credit information files and disclosing information to its subscribers), in accordance with applicable privacy legislation.
If you default in your payment obligations to us, we may also disclose information relating to that default account to a collections agency for the purpose of receiving any or all of the amounts outstanding.
We may also disclose your personal information, including commercial credit reporting information, to our trade credit insurance providers.
17. YOUR RIGHTS
Under the privacy legislation applicable to you, you may be entitled to exercise some or all of the following rights:
- Request (i) information as to whether your Personal Information is retained and (ii) access to and/or duplicates of your Personal Information retained, including the purposes of the processing, the categories of personal information concerned, and the data recipients as well as potential retention period
- Request rectification, erasure, removal or restriction of your Personal Information, for example, because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn.
- Refuse to provide us with, or withdraw, your consent to processing of your Personal Information at any time.
- Object, on grounds relating to your particular situation, that your Personal Information shall be subject to processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your Personal Information or present you our compelling legitimate grounds for an ongoing processing.
- Object to us sending you direct marketing and profiling you for the purpose of direct marketing.
- Object to your data being subject to any automated decision making, including profiling (decisions based on data processing by automatic means, for the purpose of assessing several personal aspects).
- In certain circumstances receive your Personal Information that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from us.
- Lodge a complaint regarding our processing of your Personal Information with a relevant authority in a country where you live, work, or where you believe a breach may have occurred, or take legal action in relation to any potential breach of your rights regarding the processing of your personal information.
Our services and products are not directed at children under the age of 16.
If we learn that we have collected Personal Information of a child under 16 years old we will take steps to delete such information as soon as possible unless consent is given or authorised by the holder of parental responsibility over the child. If such consent is provided, the Personal Information will only be collected and used to the extent of the consent given.
19. OUR CONTACT DETAILS
Privacy Officer, EPH Group
358 Whitehorse Road, NUNAWADING VIC 3131
Ph: (03) 8878 9111
Fax: (03) 8878 9100