Updated: 9 February, 2020
1. General Policy
The Policy covers all of the Company's activities, including the operation of the website https://www.diligenceresearch.com.au, and any related websites (the Website), the Company's operations using social media (including, but not limited to the @DiligenceESG twitter user name, and any related Facebook, Instagram or LinkedIn page), and the Company's email communications with other parties including but not limited to clients, prospective clients, service providers, contractors, regulatory authorities, and agencies.
At the Company, we take our privacy obligations seriously and are committed to ensuring that we handle personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Act). The Company is also committed to complying with our international obligations, where they apply to our operations.
This Policy sets out:
1. The kinds of personal information that the Company collects and holds;
2. How the Company collects personal information,
3. How the Company holds and retain the personal information;
4. The purposes for which the Company collects, holds, uses and discloses personal information;
5. How you may access personal information about you that is held by the Company and seek correction of it if there are any inaccuracies with respect to that information;
6. How you may complain about a breach of the APPs and how the Company will deal with such a complaint; and
7. The circumstances in which personal information is likely to be disclosed to overseas recipients and the countries in which such recipients are likely to be located.
2. Collection of your personal information
Where the Company collects and holds personal information, it is collected and held for our business purposes, which are generally to fulfil our contractual and legal compliance obligations, and to keep stakeholders including prospective clients informed of our activities and services. These purposes include the following:
1. Providing services to our clients,
2. Being responsive to website, written and email inquiries,
3. Educating the public about the Company's activities,
4. Undertaking human resources activities, and
5. Making social media and website entries.
The Website and Email Services are provided by the Company to the public as a general information service, for the purposes of collating and making available publicly sourced Government and associated data.
The kinds of personal information that the Company collects and holds include:
1. Client names, contractor names, employee names, pseudonyms, telephone numbers, email addresses, physical addresses, gender information, date of birth information, and payment details;
2. Bank account, credit card and tax file number details,
3. Contractual information between the Company and clients, the Company and employees, the Company and contractors; and
4. Other information for our business purposes, which is reasonably necessary for, or directly related to, our functions or activities.
You might also share personal information with the Company in connection with the types of services you wish to obtain and/or are obtaining from the Company, the types of services you obtain from third parties, and feedback (including complaints) in relation to our services.
The Company will collect personal information directly from you unless it is not reasonable or practicable for the Company to do so.
The Company may log search activity and monitor user activity for the purposes of improving the Company’s activities. This may involve the collection of personal information.
The Company may solicit personal information through its Website, in documents, by means of our support platform, in our Messenger communications box, or during communications with our clients, contractors and others.
3. Use and disclosure of your personal information
The Company may use and disclose your personal information for the purposes for which it has been collected, or for any other purposes to which you have consented.
You may give the Company your consent expressly, or it may be implied by your conduct. Subject to the requirements of the APPs, if you would reasonably expect the information to be used or disclosed for another purpose, the Company may also use or disclose it for that purpose.
The Company may, from time to time, send to you marketing material that the Company considers will be useful to you, or other material about our activities. The Company will only do this if we collected the information from you and you would reasonably expect us to use or disclose the information for that purpose, or if you have consented to receiving such communications. We will use our best endeavours to first obtain your consent in advance.
If you do not wish to receive this information, please let us know and we will stop sending it to you within a reasonable period of time.
Depending on the service, your personal information may be disclosed to:
1. External service providers (for example in relation to their storage and management of databases, management of Websites and email traffic, and processing of credit card information) – this disclosure will always be made on a confidential basis and such service providers will be limited in their use of your information to the purpose of the Company's activities only;
2. Specialist advisers who have been engaged to provide the Company with legal, administrative, financial, insurance, research, marketing, investigative or other services;
3. Regulatory bodies which oversee or impact on our operations, including:
(a) the Australian Competition and Consumer Commission,
(b) the Australian Taxation Office and
(c) the Australian Securities and Investments Commission; and
4. Any other person authorised by you, as specified by you, such as your agent, manager, accountant and lawyer. The Company may at other times notify you about our disclosure practices in relation to specific services that we provide in relation to our activities.
In addition, the Company may use or disclose personal information:
1. If authorised or required by or under an Australian law or court/tribunal order or by request of an Australian government authority;
2. If the Company reasonably believes that the use or disclosure is necessary to take appropriate action in relation to suspected unlawful activity or misconduct;
3. If the Company reasonably believes that the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body;
4. If reasonably necessary for the establishment, exercise or defence of a legal or equitable claim or for the purposes of confidential dispute resolution;
5. If the Company reasonably believes that the use or disclosure is necessary to lessen or prevent a serious threat to life, health or safety and it is unreasonable or impracticable to obtain your consent; and
6. The Company actually or reasonably believes that the use or disclosure is reasonably necessary in order to locate a person reported as missing.
Where the Company discloses personal information to third parties, whether or not permission is obtained in advance from the providers of that information, we impose strict obligations of security and confidentiality regarding the way they handle that information. The Company does not grant them permission to retain, sell or transfer that personal information.
4. Security of your personal information
Once collected, the Company holds personal information in a number of different formats, including (but not limited to) software programs (located both onsite and offsite, including in the cloud), databases, filing systems and in offsite backup storage. The Company will take reasonable steps to protect your personal information from loss, unauthorised access, modification, disclosure, interference or other misuse.
5. Sensitive personal information
The Act imposes special obligations where sensitive information (including information relating to your racial or ethnic origin, membership of political bodies, religion or trade unions, sexual preferences or activities, criminal record, state of health or medical history) is collected, used and disclosed. The Company may collect some forms of sensitive information.
The Company will not collect sensitive information about you unless you consent (we take your provision of the information to be consent to its collection), and the information is reasonably necessary for one or more of our functions or activities. If the Company holds any sensitive personal information about you, that information will only be used and disclosed by the Company for the purpose that it was provided by you to the Company.
6. Access to your personal information
At any time, you may request access to personal information about you that the Company holds by contacting the Company's Privacy Officer at firstname.lastname@example.org
The Company will process your request within a reasonable time. If the Company is not legally required to provide access to the personal information requested and does not exercise their discretion to do so, we will let you know our reasons.
7. Correction of your personal information
You should promptly notify the Company if there are any changes to your personal information. You may ask the Company at any time to correct personal information we hold about you by contacting the Company's Privacy Officer at email@example.com.
The Company will respond to you within a reasonable time. The Company will generally comply with requests to correct personal information, however if we refuse, we will give you a written notice explaining our reasons for refusal and the means by which you can make a complaint.
8. Dealing with complaints
If you have a complaint about the Company's breach of the APPs, you should contact the Company's Privacy Officer at firstname.lastname@example.org.
The Company will investigate your complaint and respond to you within a reasonable time and in accordance with our legal obligations. We will take any necessary corrective actions promptly.
9. Changes to this Policy
The Company may amend this Policy from time to time, and the amended Policy will be published on the Website. Any changes will be effective as of the date they are posted on this page unless they are backdated to apply before that date.
For further information about privacy issues, see the Office of the Australian Information Commissioner's website at www.oaic.gov.au.